11241100x80000000000000006857657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfbac25e666df572022-01-05 09:18:19.460root 11241100x80000000000000006857658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3d3bba3b8c7ff42022-01-05 09:18:19.460root 11241100x80000000000000006857659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fb6862e5d7a5332022-01-05 09:18:19.460root 11241100x80000000000000006857660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64298a9bf17e55462022-01-05 09:18:19.460root 11241100x80000000000000006857661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b739ab42672f01322022-01-05 09:18:19.461root 11241100x80000000000000006857662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93a569ab5ebefaf2022-01-05 09:18:19.461root 11241100x80000000000000006857663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296f13aaad2b668c2022-01-05 09:18:19.461root 11241100x80000000000000006857664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f95cd7d258b8042022-01-05 09:18:19.462root 11241100x80000000000000006857665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6f3fbe947707112022-01-05 09:18:19.462root 11241100x80000000000000006857666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0f249fd9e027c62022-01-05 09:18:19.462root 11241100x80000000000000006857667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283dc4d371066f0a2022-01-05 09:18:19.463root 11241100x80000000000000006857668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4052bca653a9f212022-01-05 09:18:19.464root 11241100x80000000000000006857669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ab21823ea638242022-01-05 09:18:19.465root 11241100x80000000000000006857670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9a1481d7b6148a2022-01-05 09:18:19.465root 11241100x80000000000000006857671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f87350c561ffa12022-01-05 09:18:19.467root 11241100x80000000000000006857672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e898ab52a578a7622022-01-05 09:18:19.467root 11241100x80000000000000006857673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4e11ae60de4a5e2022-01-05 09:18:19.467root 11241100x80000000000000006857674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd99b416c6303ffb2022-01-05 09:18:19.467root 11241100x80000000000000006857675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae7c8a79bb76bb32022-01-05 09:18:19.959root 11241100x80000000000000006857676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c82cd2eadc0a2aa2022-01-05 09:18:19.960root 11241100x80000000000000006857677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74336322f65460222022-01-05 09:18:19.960root 11241100x80000000000000006857678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fc030db2e2cb6e2022-01-05 09:18:19.960root 11241100x80000000000000006857679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e95a3d96cb79f172022-01-05 09:18:19.960root 11241100x80000000000000006857680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a75cc18ef7accee2022-01-05 09:18:19.961root 11241100x80000000000000006857681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14f0d5daef0c2cb2022-01-05 09:18:19.961root 11241100x80000000000000006857682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a74d2bceb91fbc2022-01-05 09:18:19.961root 11241100x80000000000000006857683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa9520fe1e0c49c2022-01-05 09:18:19.961root 11241100x80000000000000006857684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533f31dc18fd76582022-01-05 09:18:19.961root 11241100x80000000000000006857685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cdaff745260d282022-01-05 09:18:19.962root 11241100x80000000000000006857686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59d94aae2a8d8502022-01-05 09:18:19.962root 11241100x80000000000000006857687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf4c73e0846e9182022-01-05 09:18:19.962root 11241100x80000000000000006857688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d5d2860889f0572022-01-05 09:18:19.962root 11241100x80000000000000006857689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e675fe6b34dc6a202022-01-05 09:18:19.962root 11241100x80000000000000006857690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2ff3d14a49aa832022-01-05 09:18:19.962root 11241100x80000000000000006857691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462e164baf7709562022-01-05 09:18:19.962root 11241100x80000000000000006857692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6339adb9304109ad2022-01-05 09:18:19.962root 11241100x80000000000000006857693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d43f30d10d32e732022-01-05 09:18:20.462root 11241100x80000000000000006857694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa974cfcc5678ad2022-01-05 09:18:20.462root 11241100x80000000000000006857695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed27b59c30639bd2022-01-05 09:18:20.462root 11241100x80000000000000006857696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270915462933bf8d2022-01-05 09:18:20.463root 11241100x80000000000000006857697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf36c833aaf05b72022-01-05 09:18:20.463root 11241100x80000000000000006857698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2dcd152a745cbca2022-01-05 09:18:20.463root 11241100x80000000000000006857699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303fad0fd94133d62022-01-05 09:18:20.463root 11241100x80000000000000006857700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3809c776e2d741482022-01-05 09:18:20.463root 11241100x80000000000000006857701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172b83f95e68046f2022-01-05 09:18:20.463root 11241100x80000000000000006857702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd750f2b06fca2492022-01-05 09:18:20.463root 11241100x80000000000000006857703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5e751b040643292022-01-05 09:18:20.463root 11241100x80000000000000006857704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df34cd0aebcf655b2022-01-05 09:18:20.463root 11241100x80000000000000006857705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfdf517665494412022-01-05 09:18:20.463root 11241100x80000000000000006857706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060fee89b72a7b202022-01-05 09:18:20.463root 11241100x80000000000000006857707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828c3e063cc7afa32022-01-05 09:18:20.463root 11241100x80000000000000006857708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503360cb1a7632882022-01-05 09:18:20.464root 11241100x80000000000000006857709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7111957ded474da52022-01-05 09:18:20.464root 11241100x80000000000000006857710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638413f9b1fcea932022-01-05 09:18:20.464root 11241100x80000000000000006857711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da3acce2c92e1262022-01-05 09:18:20.960root 11241100x80000000000000006857712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0450ef2bf75113fc2022-01-05 09:18:20.960root 11241100x80000000000000006857713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78192dd3703da7332022-01-05 09:18:20.960root 11241100x80000000000000006857714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4d0eebc680d1372022-01-05 09:18:20.960root 11241100x80000000000000006857715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67a6967ded549e92022-01-05 09:18:20.960root 11241100x80000000000000006857716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f9d6afd498bccd2022-01-05 09:18:20.960root 11241100x80000000000000006857717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90562c28208470352022-01-05 09:18:20.961root 11241100x80000000000000006857718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4018f3d4cc4537f2022-01-05 09:18:20.961root 11241100x80000000000000006857719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720e305a97c27c3c2022-01-05 09:18:20.961root 11241100x80000000000000006857720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf7bafeb0c4d0592022-01-05 09:18:20.961root 11241100x80000000000000006857721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281ccf515e7f52602022-01-05 09:18:20.961root 11241100x80000000000000006857722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fd77fece158ba32022-01-05 09:18:20.961root 11241100x80000000000000006857723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a656ae57fb3383502022-01-05 09:18:20.961root 11241100x80000000000000006857724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1507efc704d0983f2022-01-05 09:18:20.962root 11241100x80000000000000006857725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09cbbd5df2b694e2022-01-05 09:18:20.962root 11241100x80000000000000006857726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c0c0d09c6ddf1a2022-01-05 09:18:20.962root 11241100x80000000000000006857727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f4479fc10706732022-01-05 09:18:20.962root 11241100x80000000000000006857728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64c16d320acfa132022-01-05 09:18:20.962root 11241100x80000000000000006857729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0933cbc5d14690d12022-01-05 09:18:21.460root 11241100x80000000000000006857730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242bf3ed2a4376142022-01-05 09:18:21.460root 11241100x80000000000000006857731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d548dfaeaad5f032022-01-05 09:18:21.460root 11241100x80000000000000006857732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20973b225b73b99e2022-01-05 09:18:21.460root 11241100x80000000000000006857733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a422c6db8334bb312022-01-05 09:18:21.460root 11241100x80000000000000006857734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875b8fc6634b88782022-01-05 09:18:21.460root 11241100x80000000000000006857735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8f916a4385ed5a2022-01-05 09:18:21.460root 11241100x80000000000000006857736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba2d97618e745bf2022-01-05 09:18:21.460root 11241100x80000000000000006857737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd73d98c7b892162022-01-05 09:18:21.460root 11241100x80000000000000006857738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8902adb11e426c42022-01-05 09:18:21.461root 11241100x80000000000000006857739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895ed069957d52b22022-01-05 09:18:21.461root 11241100x80000000000000006857740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18fc824fa631b502022-01-05 09:18:21.461root 11241100x80000000000000006857741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50167f0a3bbba9162022-01-05 09:18:21.461root 11241100x80000000000000006857742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc721093cf096452022-01-05 09:18:21.461root 11241100x80000000000000006857743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b712e73939a5ff2022-01-05 09:18:21.461root 11241100x80000000000000006857744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f084fb63bb5873f72022-01-05 09:18:21.461root 11241100x80000000000000006857745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2c95166a4061982022-01-05 09:18:21.462root 11241100x80000000000000006857746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a009163ff4fdc42022-01-05 09:18:21.462root 11241100x80000000000000006857747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29221f9020fd25692022-01-05 09:18:21.959root 11241100x80000000000000006857748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b2af7a022bd8572022-01-05 09:18:21.959root 11241100x80000000000000006857749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a46a9342150d192022-01-05 09:18:21.959root 11241100x80000000000000006857750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cd54584e5a4a0a2022-01-05 09:18:21.959root 11241100x80000000000000006857751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64b12ab113a13882022-01-05 09:18:21.960root 11241100x80000000000000006857752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219e59c4c79199a92022-01-05 09:18:21.960root 11241100x80000000000000006857753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da9cee91b51c66d2022-01-05 09:18:21.960root 11241100x80000000000000006857754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaacabd15ae1ae72022-01-05 09:18:21.960root 11241100x80000000000000006857755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd11faac51e07a682022-01-05 09:18:21.960root 11241100x80000000000000006857756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2884b25356625b2022-01-05 09:18:21.960root 11241100x80000000000000006857757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad65fa88261b0ce2022-01-05 09:18:21.960root 11241100x80000000000000006857758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467979199c05cf5b2022-01-05 09:18:21.960root 11241100x80000000000000006857759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eda3713caa5510f2022-01-05 09:18:21.961root 11241100x80000000000000006857760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faba47454d0a3bc12022-01-05 09:18:21.961root 11241100x80000000000000006857761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05245f06ba2ae852022-01-05 09:18:21.961root 11241100x80000000000000006857762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ca676bd99850642022-01-05 09:18:21.961root 11241100x80000000000000006857763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c596264c0e98a0b32022-01-05 09:18:21.961root 11241100x80000000000000006857764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da88021e32ece14c2022-01-05 09:18:21.961root 354300x80000000000000006857765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.175{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40648-false10.0.1.12-8000- 11241100x80000000000000006857766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124135ff8ffa08b02022-01-05 09:18:22.459root 11241100x80000000000000006857767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804c4e7bbd7218692022-01-05 09:18:22.459root 11241100x80000000000000006857768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8276ab4c7c5169c2022-01-05 09:18:22.459root 11241100x80000000000000006857769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6efd7e90073b1eb2022-01-05 09:18:22.459root 11241100x80000000000000006857770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4853a1a07780092022-01-05 09:18:22.460root 11241100x80000000000000006857771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6e81914fa8d3452022-01-05 09:18:22.460root 11241100x80000000000000006857772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc17d946b7f2de42022-01-05 09:18:22.460root 11241100x80000000000000006857773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b9a78e4df1ecc12022-01-05 09:18:22.460root 11241100x80000000000000006857774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142d9338a68ef7992022-01-05 09:18:22.460root 11241100x80000000000000006857775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a6a7f54a0eaf9a2022-01-05 09:18:22.460root 11241100x80000000000000006857776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f145cce391e5532022-01-05 09:18:22.461root 11241100x80000000000000006857777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7cb850706cdc622022-01-05 09:18:22.461root 11241100x80000000000000006857778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2898e6f79e303c8c2022-01-05 09:18:22.461root 11241100x80000000000000006857779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b0d69a8aec89f32022-01-05 09:18:22.461root 11241100x80000000000000006857780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710fe118a233a4e62022-01-05 09:18:22.461root 11241100x80000000000000006857781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3b90ece348b6502022-01-05 09:18:22.461root 11241100x80000000000000006857782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd793a6ba8ea6f52022-01-05 09:18:22.461root 11241100x80000000000000006857783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b8ef3d2237b6dd2022-01-05 09:18:22.461root 11241100x80000000000000006857784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb3910ab10555da2022-01-05 09:18:22.462root 11241100x80000000000000006857785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ac9d932a2b94ed2022-01-05 09:18:22.959root 11241100x80000000000000006857786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ab8815eb35be532022-01-05 09:18:22.960root 11241100x80000000000000006857787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c90cf362ceee672022-01-05 09:18:22.960root 11241100x80000000000000006857788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47505060c7bd92b72022-01-05 09:18:22.961root 11241100x80000000000000006857789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99f8e9711b52e382022-01-05 09:18:22.961root 11241100x80000000000000006857790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4deacf1f3b88ea2022-01-05 09:18:22.961root 11241100x80000000000000006857791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7233fd81e3c4062022-01-05 09:18:22.961root 11241100x80000000000000006857792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755877ad32adcc822022-01-05 09:18:22.961root 11241100x80000000000000006857793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c83fa33decdd0d2022-01-05 09:18:22.962root 11241100x80000000000000006857794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa6460ba0d96f882022-01-05 09:18:22.962root 11241100x80000000000000006857795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd011aa4e9efcc892022-01-05 09:18:22.962root 11241100x80000000000000006857796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fd3d1c21b0ef712022-01-05 09:18:22.962root 11241100x80000000000000006857797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8faaa565cab46b02022-01-05 09:18:22.962root 11241100x80000000000000006857798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3512f8c30511842022-01-05 09:18:22.962root 11241100x80000000000000006857799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e398a75beaa06912022-01-05 09:18:22.962root 11241100x80000000000000006857800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3f38ef470bae452022-01-05 09:18:22.963root 11241100x80000000000000006857801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2436afbddb1cd3b2022-01-05 09:18:22.963root 11241100x80000000000000006857802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86ead844ef341f52022-01-05 09:18:22.963root 11241100x80000000000000006857803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4fa13e1da57a772022-01-05 09:18:22.963root 11241100x80000000000000006857804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9e0ac34ba1eedb2022-01-05 09:18:23.460root 11241100x80000000000000006857805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57f099d7ee4efd92022-01-05 09:18:23.460root 11241100x80000000000000006857806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355dd8f8d0012a2c2022-01-05 09:18:23.460root 11241100x80000000000000006857807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfd03127d2521092022-01-05 09:18:23.460root 11241100x80000000000000006857808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3945d49123ff98382022-01-05 09:18:23.461root 11241100x80000000000000006857809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b598dd18a198b5e2022-01-05 09:18:23.461root 11241100x80000000000000006857810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff934e1e847de882022-01-05 09:18:23.461root 11241100x80000000000000006857811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ccfb8bf0ee34092022-01-05 09:18:23.461root 11241100x80000000000000006857812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94785836f13bcbb42022-01-05 09:18:23.462root 11241100x80000000000000006857813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36267231d38da2b02022-01-05 09:18:23.462root 11241100x80000000000000006857814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafbf1406b456f802022-01-05 09:18:23.462root 11241100x80000000000000006857815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a3a4201ce68a342022-01-05 09:18:23.462root 11241100x80000000000000006857816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccebd0982b181d222022-01-05 09:18:23.462root 11241100x80000000000000006857817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475cabc0ccdf2c932022-01-05 09:18:23.463root 11241100x80000000000000006857818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a735fbfd2d28a0a42022-01-05 09:18:23.463root 11241100x80000000000000006857819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a42c9f7d0e11232022-01-05 09:18:23.463root 11241100x80000000000000006857820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7d6611167d8cf92022-01-05 09:18:23.463root 11241100x80000000000000006857821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626852e0ff689b842022-01-05 09:18:23.463root 11241100x80000000000000006857822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b94bbb9f5899e12022-01-05 09:18:23.463root 11241100x80000000000000006857823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383cf1918b97285c2022-01-05 09:18:23.960root 11241100x80000000000000006857824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca97455acedb79542022-01-05 09:18:23.960root 11241100x80000000000000006857825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a83ffd6fc8133102022-01-05 09:18:23.960root 11241100x80000000000000006857826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a7e6ba623d97e22022-01-05 09:18:23.960root 11241100x80000000000000006857827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571e571d3da5efe92022-01-05 09:18:23.960root 11241100x80000000000000006857828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091588e0cf604de62022-01-05 09:18:23.960root 11241100x80000000000000006857829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca005a3a357701922022-01-05 09:18:23.960root 11241100x80000000000000006857830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470558e0254b962b2022-01-05 09:18:23.960root 11241100x80000000000000006857831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ea9ed161b93eb02022-01-05 09:18:23.961root 11241100x80000000000000006857832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc98410df8c24032022-01-05 09:18:23.961root 11241100x80000000000000006857833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28837a0c0642841c2022-01-05 09:18:23.961root 11241100x80000000000000006857834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6599b419e603d22022-01-05 09:18:23.961root 11241100x80000000000000006857835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909b63ceff3207602022-01-05 09:18:23.961root 11241100x80000000000000006857836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9fc3bcf78ddb102022-01-05 09:18:23.961root 11241100x80000000000000006857837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b7cf71602667822022-01-05 09:18:23.961root 11241100x80000000000000006857838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4b6b820def25622022-01-05 09:18:23.961root 11241100x80000000000000006857839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb3993b085981512022-01-05 09:18:23.961root 11241100x80000000000000006857840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e9da0bbc88ca682022-01-05 09:18:23.961root 11241100x80000000000000006857841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf6587c91a12e4f2022-01-05 09:18:23.961root 11241100x80000000000000006857842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2391530767517c572022-01-05 09:18:24.460root 11241100x80000000000000006857843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef30180da446f1e2022-01-05 09:18:24.460root 11241100x80000000000000006857844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2f1de80e77416f2022-01-05 09:18:24.460root 11241100x80000000000000006857845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e615cca6f0de89112022-01-05 09:18:24.460root 11241100x80000000000000006857846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7f0fc701e2480e2022-01-05 09:18:24.460root 11241100x80000000000000006857847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfa86244b6bf6c62022-01-05 09:18:24.460root 11241100x80000000000000006857848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d50c5eb50d8f7882022-01-05 09:18:24.460root 11241100x80000000000000006857849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e7ec3be659cd3e2022-01-05 09:18:24.460root 11241100x80000000000000006857850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec42504e291cb8a2022-01-05 09:18:24.460root 11241100x80000000000000006857851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f046e760cc0566ff2022-01-05 09:18:24.460root 11241100x80000000000000006857852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90c294d1e43b76d2022-01-05 09:18:24.461root 11241100x80000000000000006857853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723f20558d57b5122022-01-05 09:18:24.461root 11241100x80000000000000006857854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f19fe2091743642022-01-05 09:18:24.461root 11241100x80000000000000006857855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e71f243ad717a12022-01-05 09:18:24.461root 11241100x80000000000000006857856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d2a048d5f336d02022-01-05 09:18:24.461root 11241100x80000000000000006857857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c5ccdd50afe0d42022-01-05 09:18:24.461root 11241100x80000000000000006857858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a5980e9bb029f32022-01-05 09:18:24.462root 11241100x80000000000000006857859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b83acb685da9742022-01-05 09:18:24.462root 11241100x80000000000000006857860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b63fdf90b52f3382022-01-05 09:18:24.462root 11241100x80000000000000006857861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc2d5e455458a012022-01-05 09:18:24.960root 11241100x80000000000000006857862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd1557955e59af42022-01-05 09:18:24.960root 11241100x80000000000000006857863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60a0e952e0f98a12022-01-05 09:18:24.960root 11241100x80000000000000006857864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112b9fec092939df2022-01-05 09:18:24.960root 11241100x80000000000000006857865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374a8a82317e3df22022-01-05 09:18:24.960root 11241100x80000000000000006857866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832eb0b9c47ccd2b2022-01-05 09:18:24.960root 11241100x80000000000000006857867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ad3cb073b483fd2022-01-05 09:18:24.961root 11241100x80000000000000006857868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a8d8297dafbf782022-01-05 09:18:24.961root 11241100x80000000000000006857869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292f4f8b5753cf262022-01-05 09:18:24.961root 11241100x80000000000000006857870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04099dbb55e464b92022-01-05 09:18:24.961root 11241100x80000000000000006857871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd86b99ce9bf98f72022-01-05 09:18:24.961root 11241100x80000000000000006857872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e5dc617bd50c0a2022-01-05 09:18:24.961root 11241100x80000000000000006857873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c812f28320dec74e2022-01-05 09:18:24.961root 11241100x80000000000000006857874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fd28fe88e5c8a42022-01-05 09:18:24.961root 11241100x80000000000000006857875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dce9a2ebdfba46d2022-01-05 09:18:24.962root 11241100x80000000000000006857876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87431d337dc40102022-01-05 09:18:24.962root 11241100x80000000000000006857877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccd00aa1351c5992022-01-05 09:18:24.962root 11241100x80000000000000006857878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33e51fe7bb2fa8f2022-01-05 09:18:24.962root 11241100x80000000000000006857879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f109bbff577f252022-01-05 09:18:24.962root 11241100x80000000000000006857880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd940812884e6312022-01-05 09:18:25.459root 11241100x80000000000000006857881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4455ee5e6f9a58852022-01-05 09:18:25.460root 11241100x80000000000000006857882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b1f3d8de9b63cb2022-01-05 09:18:25.460root 11241100x80000000000000006857883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b1ef94c4a7a6c52022-01-05 09:18:25.460root 11241100x80000000000000006857884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c89b649cd7005e2022-01-05 09:18:25.460root 11241100x80000000000000006857885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5180bbc8d7ee50062022-01-05 09:18:25.460root 11241100x80000000000000006857886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cbddcfd3fa44ba2022-01-05 09:18:25.460root 11241100x80000000000000006857887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f022fbf642fa352022-01-05 09:18:25.460root 11241100x80000000000000006857888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f81a444fcacf582022-01-05 09:18:25.461root 11241100x80000000000000006857889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce90bc2d017df6d92022-01-05 09:18:25.461root 11241100x80000000000000006857890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56567503f525806e2022-01-05 09:18:25.461root 11241100x80000000000000006857891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0baed34446ae37562022-01-05 09:18:25.461root 11241100x80000000000000006857892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d1bb01e1f309342022-01-05 09:18:25.461root 11241100x80000000000000006857893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d627a42fd3784862022-01-05 09:18:25.461root 11241100x80000000000000006857894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253df75d73a980a42022-01-05 09:18:25.462root 11241100x80000000000000006857895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef689fd85b09fa4a2022-01-05 09:18:25.462root 11241100x80000000000000006857896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ec9328163db2382022-01-05 09:18:25.462root 11241100x80000000000000006857897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a3c5af505324692022-01-05 09:18:25.462root 11241100x80000000000000006857898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18bafd1ea9a61ff2022-01-05 09:18:25.462root 11241100x80000000000000006857899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e206f6a87227230b2022-01-05 09:18:25.960root 11241100x80000000000000006857900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df48453d3c12c1b2022-01-05 09:18:25.960root 11241100x80000000000000006857901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3c2438c09763e92022-01-05 09:18:25.960root 11241100x80000000000000006857902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f534cb89146feb2022-01-05 09:18:25.960root 11241100x80000000000000006857903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4a745764789d682022-01-05 09:18:25.960root 11241100x80000000000000006857904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79867beb436b86672022-01-05 09:18:25.960root 11241100x80000000000000006857905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c82cb8a0ff6120e2022-01-05 09:18:25.960root 11241100x80000000000000006857906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931f54db9c4dd2072022-01-05 09:18:25.961root 11241100x80000000000000006857907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d77d05aa623b78e2022-01-05 09:18:25.961root 11241100x80000000000000006857908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44dae4acc0902c102022-01-05 09:18:25.961root 11241100x80000000000000006857909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd18b844c478d662022-01-05 09:18:25.961root 11241100x80000000000000006857910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20eb423adecfe752022-01-05 09:18:25.961root 11241100x80000000000000006857911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1582e0c555fe6f2022-01-05 09:18:25.961root 11241100x80000000000000006857912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa05df1b4abf43042022-01-05 09:18:25.961root 11241100x80000000000000006857913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df9dc95d2b415c22022-01-05 09:18:25.961root 11241100x80000000000000006857914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fed6c11636035642022-01-05 09:18:25.961root 11241100x80000000000000006857915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a97e1bf3b5e9672022-01-05 09:18:25.963root 11241100x80000000000000006857916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754e22558393bd8d2022-01-05 09:18:25.963root 11241100x80000000000000006857917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f00f42f63b99c3b2022-01-05 09:18:25.963root 11241100x80000000000000006857918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea3a0774648f7352022-01-05 09:18:26.459root 11241100x80000000000000006857919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe4176add9f55cb2022-01-05 09:18:26.459root 11241100x80000000000000006857920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9403be9ef2eb2d712022-01-05 09:18:26.460root 11241100x80000000000000006857921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5111d83e226a8002022-01-05 09:18:26.460root 11241100x80000000000000006857922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787718a57acce9ef2022-01-05 09:18:26.460root 11241100x80000000000000006857923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7950997a76835fa92022-01-05 09:18:26.460root 11241100x80000000000000006857924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff962bd0f2b9a93a2022-01-05 09:18:26.460root 11241100x80000000000000006857925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab5915c6fbead912022-01-05 09:18:26.461root 11241100x80000000000000006857926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c98d577aad703c2022-01-05 09:18:26.461root 11241100x80000000000000006857927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e4a39a7e919c742022-01-05 09:18:26.461root 11241100x80000000000000006857928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b781df3a17f6be612022-01-05 09:18:26.461root 11241100x80000000000000006857929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edb19ebe4e61fe12022-01-05 09:18:26.461root 11241100x80000000000000006857930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9abae4ccd85e6c22022-01-05 09:18:26.461root 11241100x80000000000000006857931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ff4d6e07eee6b12022-01-05 09:18:26.462root 11241100x80000000000000006857932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93fd5bd713a2ece2022-01-05 09:18:26.462root 11241100x80000000000000006857933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbac4dd20bb966b82022-01-05 09:18:26.462root 11241100x80000000000000006857934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395dda73b25886182022-01-05 09:18:26.462root 11241100x80000000000000006857935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9ca044b3f80ac52022-01-05 09:18:26.463root 11241100x80000000000000006857936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33770f2746ed2a322022-01-05 09:18:26.463root 11241100x80000000000000006857937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cb1b5e64446bb82022-01-05 09:18:26.959root 11241100x80000000000000006857938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647095e142124ec32022-01-05 09:18:26.960root 11241100x80000000000000006857939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1346e97fe8341fd2022-01-05 09:18:26.960root 11241100x80000000000000006857940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6610706c0f9352542022-01-05 09:18:26.961root 11241100x80000000000000006857941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9746ce570a320a42022-01-05 09:18:26.961root 11241100x80000000000000006857942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d0a2b4bbc693112022-01-05 09:18:26.961root 11241100x80000000000000006857943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7194b8775ef163cb2022-01-05 09:18:26.961root 11241100x80000000000000006857944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad78d26da00b85622022-01-05 09:18:26.961root 11241100x80000000000000006857945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b336a3a00f0d1b2022-01-05 09:18:26.961root 11241100x80000000000000006857946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e203214e52a8d4ae2022-01-05 09:18:26.961root 11241100x80000000000000006857947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360f6138c0066f272022-01-05 09:18:26.962root 11241100x80000000000000006857948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b053f1c56a51c12022-01-05 09:18:26.962root 11241100x80000000000000006857949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f001f820a627e4752022-01-05 09:18:26.962root 11241100x80000000000000006857950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32087ba3d266e7c42022-01-05 09:18:26.962root 11241100x80000000000000006857951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6c2756989518412022-01-05 09:18:26.963root 11241100x80000000000000006857952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432be9b79b67c2312022-01-05 09:18:26.963root 11241100x80000000000000006857953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e203699684a796c2022-01-05 09:18:26.963root 11241100x80000000000000006857954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368e5d6136cedfd22022-01-05 09:18:26.963root 11241100x80000000000000006857955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc8fa6063b4ad122022-01-05 09:18:26.964root 354300x80000000000000006857956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.237{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40650-false10.0.1.12-8000- 11241100x80000000000000006857957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87a7f3eca330fad2022-01-05 09:18:27.238root 11241100x80000000000000006857958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519d871290bf15312022-01-05 09:18:27.238root 11241100x80000000000000006857959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d906504504009f592022-01-05 09:18:27.238root 11241100x80000000000000006857960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3aaf52d417a0432022-01-05 09:18:27.238root 11241100x80000000000000006857961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc925da073868d512022-01-05 09:18:27.238root 11241100x80000000000000006857962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abd9c79a5afa7542022-01-05 09:18:27.238root 11241100x80000000000000006857963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7eccc7072d735d2022-01-05 09:18:27.239root 11241100x80000000000000006857964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddafba287f59a2f2022-01-05 09:18:27.239root 11241100x80000000000000006857965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058e51158ee67cf52022-01-05 09:18:27.239root 11241100x80000000000000006857966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cbd0cf0c6822822022-01-05 09:18:27.239root 11241100x80000000000000006857967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081ae4b5ac7624df2022-01-05 09:18:27.239root 11241100x80000000000000006857968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67674bad333b52f82022-01-05 09:18:27.239root 11241100x80000000000000006857969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83df099492b00f42022-01-05 09:18:27.240root 11241100x80000000000000006857970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5da8519b388ae4c2022-01-05 09:18:27.240root 11241100x80000000000000006857971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6c497ab0b192102022-01-05 09:18:27.240root 11241100x80000000000000006857972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ade9c9f5cace582022-01-05 09:18:27.240root 11241100x80000000000000006857973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd27dc8e91aec29b2022-01-05 09:18:27.240root 11241100x80000000000000006857974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef22f0da31cafe72022-01-05 09:18:27.240root 11241100x80000000000000006857975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0efc4e638790b82022-01-05 09:18:27.240root 11241100x80000000000000006857976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.241{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed763beae8fef0e2022-01-05 09:18:27.241root 11241100x80000000000000006857977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37b1e7f847dce7c2022-01-05 09:18:27.709root 11241100x80000000000000006857978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41854c4c56a3fd192022-01-05 09:18:27.709root 11241100x80000000000000006857979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a2bb8a29f3187e2022-01-05 09:18:27.710root 11241100x80000000000000006857980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26b0b4fc2f8fbe42022-01-05 09:18:27.710root 11241100x80000000000000006857981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9f3efe36d16c6d2022-01-05 09:18:27.710root 11241100x80000000000000006857982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6eb5e7deecfc1712022-01-05 09:18:27.710root 11241100x80000000000000006857983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39c8b6e641668122022-01-05 09:18:27.710root 11241100x80000000000000006857984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23eae37ca3efa5fb2022-01-05 09:18:27.710root 11241100x80000000000000006857985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb29ccd4b3e97752022-01-05 09:18:27.711root 11241100x80000000000000006857986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6aca8219fc24d72022-01-05 09:18:27.711root 11241100x80000000000000006857987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed288a222e4064c2022-01-05 09:18:27.711root 11241100x80000000000000006857988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b02683f2080c8282022-01-05 09:18:27.711root 11241100x80000000000000006857989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc897f5aa64ee9d02022-01-05 09:18:27.711root 11241100x80000000000000006857990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d737ab72d17a1a2022-01-05 09:18:27.711root 11241100x80000000000000006857991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778e11eaf88ced402022-01-05 09:18:27.712root 11241100x80000000000000006857992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a324896d3e9200b2022-01-05 09:18:27.712root 11241100x80000000000000006857993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f576e189727040f02022-01-05 09:18:27.712root 11241100x80000000000000006857994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852fc5aa6ba5dec62022-01-05 09:18:27.712root 11241100x80000000000000006857995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9c81b4db1bdefe2022-01-05 09:18:27.712root 11241100x80000000000000006857996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf368012336c35fc2022-01-05 09:18:27.713root 11241100x80000000000000006857997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd64445dc347ca02022-01-05 09:18:28.210root 11241100x80000000000000006857998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a66526f2bb931c2022-01-05 09:18:28.210root 11241100x80000000000000006857999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdf144f7693b13d2022-01-05 09:18:28.210root 11241100x80000000000000006858000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1711fd00f330852022-01-05 09:18:28.210root 11241100x80000000000000006858001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75eedecd029127ab2022-01-05 09:18:28.210root 11241100x80000000000000006858002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f319ab1879e5e12022-01-05 09:18:28.211root 11241100x80000000000000006858003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be9309fe9bc6ca02022-01-05 09:18:28.211root 11241100x80000000000000006858004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc49a80384fdf322022-01-05 09:18:28.211root 11241100x80000000000000006858005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505d439fd10e827b2022-01-05 09:18:28.211root 11241100x80000000000000006858006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab63ebcf6c0bc19f2022-01-05 09:18:28.211root 11241100x80000000000000006858007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f9fb21076f282f2022-01-05 09:18:28.211root 11241100x80000000000000006858008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759e42d0b9a042372022-01-05 09:18:28.212root 11241100x80000000000000006858009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ee905b1dc56b532022-01-05 09:18:28.212root 11241100x80000000000000006858010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa433e13430f0da2022-01-05 09:18:28.212root 11241100x80000000000000006858011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76e5dd900550ade2022-01-05 09:18:28.212root 11241100x80000000000000006858012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b840400b44f8c3f2022-01-05 09:18:28.213root 11241100x80000000000000006858013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffff97c56afd8ac42022-01-05 09:18:28.213root 11241100x80000000000000006858014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a43aa04bb4e1842022-01-05 09:18:28.213root 11241100x80000000000000006858015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f804e4001e434562022-01-05 09:18:28.213root 11241100x80000000000000006858016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91697066711e1fa2022-01-05 09:18:28.213root 11241100x80000000000000006858017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb29c7f94dad4f632022-01-05 09:18:28.709root 11241100x80000000000000006858018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d160ee329483ca2022-01-05 09:18:28.709root 11241100x80000000000000006858019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d60ec6418e83362022-01-05 09:18:28.710root 11241100x80000000000000006858020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2b8379302d2f0f2022-01-05 09:18:28.710root 11241100x80000000000000006858021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e55d28b9b9b06ea2022-01-05 09:18:28.710root 11241100x80000000000000006858022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605bee7ddb8f6aeb2022-01-05 09:18:28.710root 11241100x80000000000000006858023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2169e41b07f3f2342022-01-05 09:18:28.710root 11241100x80000000000000006858024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d3315889d2718f2022-01-05 09:18:28.710root 11241100x80000000000000006858025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e5cf799dfb65002022-01-05 09:18:28.711root 11241100x80000000000000006858026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43a6a6e553f01802022-01-05 09:18:28.711root 11241100x80000000000000006858027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569824ff1a214ed82022-01-05 09:18:28.711root 11241100x80000000000000006858028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6fb14f1c721dd62022-01-05 09:18:28.711root 11241100x80000000000000006858029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b028a13ca2629d72022-01-05 09:18:28.711root 11241100x80000000000000006858030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d029e1cd49ef93822022-01-05 09:18:28.712root 11241100x80000000000000006858031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d74795a29c40f7f2022-01-05 09:18:28.712root 11241100x80000000000000006858032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f489abcaa1f542b2022-01-05 09:18:28.712root 11241100x80000000000000006858033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd67c02578fdebcb2022-01-05 09:18:28.712root 11241100x80000000000000006858034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3d7738c489eaa32022-01-05 09:18:28.712root 11241100x80000000000000006858035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99def31060504cd22022-01-05 09:18:28.712root 11241100x80000000000000006858036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c7bbc4953864202022-01-05 09:18:28.713root 11241100x80000000000000006858037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094d81f8ea88bdb82022-01-05 09:18:29.209root 11241100x80000000000000006858038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4499f71e49142aa02022-01-05 09:18:29.209root 11241100x80000000000000006858039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b450600149073b2b2022-01-05 09:18:29.209root 11241100x80000000000000006858040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7177c9fe084d657e2022-01-05 09:18:29.210root 11241100x80000000000000006858041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d704fa9aa4b2bec02022-01-05 09:18:29.210root 11241100x80000000000000006858042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e508a0a0b33cf62022-01-05 09:18:29.210root 11241100x80000000000000006858043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313451169e3fb5e82022-01-05 09:18:29.210root 11241100x80000000000000006858044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba4c5141e46dcb22022-01-05 09:18:29.210root 11241100x80000000000000006858045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d31d2b91e1d4562022-01-05 09:18:29.210root 11241100x80000000000000006858046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8083eb4fc101b98d2022-01-05 09:18:29.211root 11241100x80000000000000006858047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457c13269de2c48a2022-01-05 09:18:29.211root 11241100x80000000000000006858048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c1f7757aa6920a2022-01-05 09:18:29.211root 11241100x80000000000000006858049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a75f8b969631eb62022-01-05 09:18:29.211root 11241100x80000000000000006858050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9a49cc03dd52082022-01-05 09:18:29.212root 11241100x80000000000000006858051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b12e323c95976e42022-01-05 09:18:29.212root 11241100x80000000000000006858052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9e7beb81f7e0cb2022-01-05 09:18:29.212root 11241100x80000000000000006858053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2012eadb37eeef2022-01-05 09:18:29.213root 11241100x80000000000000006858054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2491c438f849bb402022-01-05 09:18:29.214root 11241100x80000000000000006858055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e1f023ad49e31a2022-01-05 09:18:29.214root 11241100x80000000000000006858056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d2a9a9ac50303f2022-01-05 09:18:29.214root 11241100x80000000000000006858057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.402{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 09:18:29.402root 11241100x80000000000000006858058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e29f67b44d389512022-01-05 09:18:29.710root 11241100x80000000000000006858059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9466dee605fb23512022-01-05 09:18:29.710root 11241100x80000000000000006858060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd90a54624d773b2022-01-05 09:18:29.710root 11241100x80000000000000006858061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c1002c30959fcb2022-01-05 09:18:29.710root 11241100x80000000000000006858062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3066863fe117ba2022-01-05 09:18:29.710root 11241100x80000000000000006858063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8575825c24feac22022-01-05 09:18:29.710root 11241100x80000000000000006858064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f7fd9fefd07ed12022-01-05 09:18:29.710root 11241100x80000000000000006858065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2fae26414d5f232022-01-05 09:18:29.710root 11241100x80000000000000006858066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5ce3d14f122b412022-01-05 09:18:29.710root 11241100x80000000000000006858067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e1ffd0957787062022-01-05 09:18:29.711root 11241100x80000000000000006858068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81523ce203f9d3182022-01-05 09:18:29.711root 11241100x80000000000000006858069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeaef91d28703ee12022-01-05 09:18:29.711root 11241100x80000000000000006858070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6354259361c5fc1d2022-01-05 09:18:29.711root 11241100x80000000000000006858071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55bfc6925e1147a2022-01-05 09:18:29.711root 11241100x80000000000000006858072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a71828dce846f2f2022-01-05 09:18:29.711root 11241100x80000000000000006858073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da13a81c5a69e2c2022-01-05 09:18:29.711root 11241100x80000000000000006858074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef88d8e292a46f72022-01-05 09:18:29.711root 11241100x80000000000000006858075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a301005f29f589dd2022-01-05 09:18:29.712root 11241100x80000000000000006858076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f70df6d0a9a87012022-01-05 09:18:29.712root 11241100x80000000000000006858077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1132ba82ad63ee62022-01-05 09:18:29.712root 11241100x80000000000000006858078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede23a6b75ffaa4e2022-01-05 09:18:29.713root 11241100x80000000000000006858079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857f9bff66ec68832022-01-05 09:18:30.210root 11241100x80000000000000006858080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cadfe825546e972022-01-05 09:18:30.210root 11241100x80000000000000006858081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3871660797375d6e2022-01-05 09:18:30.210root 11241100x80000000000000006858082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8adada9961596f52022-01-05 09:18:30.210root 11241100x80000000000000006858083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e58c0f19ef95a92022-01-05 09:18:30.211root 11241100x80000000000000006858084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02316340fa6fb4bc2022-01-05 09:18:30.211root 11241100x80000000000000006858085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83604637d97da4022022-01-05 09:18:30.211root 11241100x80000000000000006858086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0363045e4b096be62022-01-05 09:18:30.211root 11241100x80000000000000006858087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18acf324c133781b2022-01-05 09:18:30.211root 11241100x80000000000000006858088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efe3c70aa2036062022-01-05 09:18:30.211root 11241100x80000000000000006858089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d86086b95262edb2022-01-05 09:18:30.212root 11241100x80000000000000006858090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecdd0fb185c42992022-01-05 09:18:30.212root 11241100x80000000000000006858091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137f98e04fe3edb12022-01-05 09:18:30.212root 11241100x80000000000000006858092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56aee373262c038d2022-01-05 09:18:30.212root 11241100x80000000000000006858093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8085e4d80c25036f2022-01-05 09:18:30.213root 11241100x80000000000000006858094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f64503302a4a9d12022-01-05 09:18:30.214root 11241100x80000000000000006858095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b98684a595a0022022-01-05 09:18:30.214root 11241100x80000000000000006858096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db127a8a907f5032022-01-05 09:18:30.214root 11241100x80000000000000006858097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46579e4112c3e20a2022-01-05 09:18:30.215root 11241100x80000000000000006858098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b7336f5394b7a62022-01-05 09:18:30.215root 11241100x80000000000000006858099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee4e1d7103cdee32022-01-05 09:18:30.216root 11241100x80000000000000006858100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9810105101ad5c12022-01-05 09:18:30.710root 11241100x80000000000000006858101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37398a2f33d014d22022-01-05 09:18:30.710root 11241100x80000000000000006858102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f14fd1b57c53042022-01-05 09:18:30.710root 11241100x80000000000000006858103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ce84656bf85ccd2022-01-05 09:18:30.710root 11241100x80000000000000006858104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39de1b0cb5c002852022-01-05 09:18:30.710root 11241100x80000000000000006858105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e173bbd91839b31e2022-01-05 09:18:30.710root 11241100x80000000000000006858106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5a2a2d2132a0072022-01-05 09:18:30.711root 11241100x80000000000000006858107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d3dfb6f9a779092022-01-05 09:18:30.711root 11241100x80000000000000006858108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5154a830527631d2022-01-05 09:18:30.711root 11241100x80000000000000006858109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c4f7d26f8179552022-01-05 09:18:30.711root 11241100x80000000000000006858110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3633cec3e72f842022-01-05 09:18:30.711root 11241100x80000000000000006858111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5cd75d12c34c7a2022-01-05 09:18:30.711root 11241100x80000000000000006858112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d4191245b837142022-01-05 09:18:30.711root 11241100x80000000000000006858113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00df310520ea7cc02022-01-05 09:18:30.711root 11241100x80000000000000006858114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432f2760e22d95862022-01-05 09:18:30.712root 11241100x80000000000000006858115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5275fa90996c17bb2022-01-05 09:18:30.712root 11241100x80000000000000006858116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae834b343d6938b2022-01-05 09:18:30.712root 11241100x80000000000000006858117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35117dacdec7509e2022-01-05 09:18:30.712root 11241100x80000000000000006858118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bceef606060446102022-01-05 09:18:30.712root 11241100x80000000000000006858119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ea290881f750972022-01-05 09:18:30.712root 11241100x80000000000000006858120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12b4b35c58d72222022-01-05 09:18:30.712root 11241100x80000000000000006858121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a546af28d98e6632022-01-05 09:18:31.210root 11241100x80000000000000006858122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d800216ad8f85fe02022-01-05 09:18:31.210root 11241100x80000000000000006858123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55b43403ffe8c012022-01-05 09:18:31.210root 11241100x80000000000000006858124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a457ce21291d8612022-01-05 09:18:31.210root 11241100x80000000000000006858125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb7ace8605bc9cd2022-01-05 09:18:31.210root 11241100x80000000000000006858126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2e0670a4b3aae02022-01-05 09:18:31.210root 11241100x80000000000000006858127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c0ef6cc251a24a2022-01-05 09:18:31.210root 11241100x80000000000000006858128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6245b96f576962f2022-01-05 09:18:31.211root 11241100x80000000000000006858129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a827333517c2a7b2022-01-05 09:18:31.211root 11241100x80000000000000006858130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef6771d2c2056ce2022-01-05 09:18:31.211root 11241100x80000000000000006858131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2929e69149984bd2022-01-05 09:18:31.211root 11241100x80000000000000006858132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007990f22d86a03c2022-01-05 09:18:31.211root 11241100x80000000000000006858133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b454843ed1a4d2f72022-01-05 09:18:31.211root 11241100x80000000000000006858134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34533ff872940d512022-01-05 09:18:31.211root 11241100x80000000000000006858135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d686bbb47f9533612022-01-05 09:18:31.211root 11241100x80000000000000006858136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c845d3e200eb77142022-01-05 09:18:31.211root 11241100x80000000000000006858137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2445d7a05c0a412022-01-05 09:18:31.211root 11241100x80000000000000006858138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0a0687f54f946d2022-01-05 09:18:31.212root 11241100x80000000000000006858139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5dda708f8ab404f2022-01-05 09:18:31.212root 11241100x80000000000000006858140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9534fdede0b06dd42022-01-05 09:18:31.212root 11241100x80000000000000006858141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e34d9640e829852022-01-05 09:18:31.212root 11241100x80000000000000006858142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a805ab54c8c7c22022-01-05 09:18:31.710root 11241100x80000000000000006858143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4b5e10823004732022-01-05 09:18:31.710root 11241100x80000000000000006858144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5da65fc807f15072022-01-05 09:18:31.710root 11241100x80000000000000006858145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30aabfb61469535b2022-01-05 09:18:31.710root 11241100x80000000000000006858146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9fa6052cc976b62022-01-05 09:18:31.710root 11241100x80000000000000006858147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0e5b04fa77a6772022-01-05 09:18:31.710root 11241100x80000000000000006858148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261ef9be63f5ac0c2022-01-05 09:18:31.710root 11241100x80000000000000006858149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c484745c8fcc9c872022-01-05 09:18:31.711root 11241100x80000000000000006858150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ced3f4b608c0dfd2022-01-05 09:18:31.711root 11241100x80000000000000006858151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ab83fb566cc01b2022-01-05 09:18:31.711root 11241100x80000000000000006858152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3909750d2516d93b2022-01-05 09:18:31.711root 11241100x80000000000000006858153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868f279a358973652022-01-05 09:18:31.711root 11241100x80000000000000006858154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0837c35a1750982022-01-05 09:18:31.711root 11241100x80000000000000006858155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4586239f46356cfb2022-01-05 09:18:31.711root 11241100x80000000000000006858156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8dd906a266f37c02022-01-05 09:18:31.711root 11241100x80000000000000006858157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8524440c9b32742d2022-01-05 09:18:31.712root 11241100x80000000000000006858158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0b12fb293a18622022-01-05 09:18:31.712root 11241100x80000000000000006858159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9124e5b7a4255a422022-01-05 09:18:31.712root 11241100x80000000000000006858160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa43b398fefb32d2022-01-05 09:18:31.712root 11241100x80000000000000006858161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54eb2add8a34a5a2022-01-05 09:18:31.712root 11241100x80000000000000006858162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe358780f74e6712022-01-05 09:18:31.712root 11241100x80000000000000006858163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bebfd2f25d926f62022-01-05 09:18:32.210root 11241100x80000000000000006858164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92878d1d32df23a42022-01-05 09:18:32.210root 11241100x80000000000000006858165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80dee178fb7fa352022-01-05 09:18:32.210root 11241100x80000000000000006858166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e446446d3466a54a2022-01-05 09:18:32.210root 11241100x80000000000000006858167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7331f6d85562b522022-01-05 09:18:32.210root 11241100x80000000000000006858168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76929e5ae7a3dff72022-01-05 09:18:32.210root 11241100x80000000000000006858169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca74580f52ca381a2022-01-05 09:18:32.210root 11241100x80000000000000006858170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7502d3076e4de4332022-01-05 09:18:32.210root 11241100x80000000000000006858171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abebcf051858219f2022-01-05 09:18:32.210root 11241100x80000000000000006858172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206da319fa6220d02022-01-05 09:18:32.211root 11241100x80000000000000006858173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8074f0ea629608292022-01-05 09:18:32.211root 11241100x80000000000000006858174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca666cf8a463e6ad2022-01-05 09:18:32.211root 11241100x80000000000000006858175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe8abad1ba2e8fa2022-01-05 09:18:32.211root 11241100x80000000000000006858176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539caf186995aef32022-01-05 09:18:32.211root 11241100x80000000000000006858177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b72491288a00972022-01-05 09:18:32.211root 11241100x80000000000000006858178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c10b3662ab2b3a2022-01-05 09:18:32.211root 11241100x80000000000000006858179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f903ddabfecdaa92022-01-05 09:18:32.212root 11241100x80000000000000006858180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d6571403024d852022-01-05 09:18:32.212root 11241100x80000000000000006858181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76475a34251f50632022-01-05 09:18:32.212root 11241100x80000000000000006858182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c54283f26494412022-01-05 09:18:32.212root 11241100x80000000000000006858183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafe6f6c0911c7b02022-01-05 09:18:32.212root 23542300x80000000000000006858184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.403{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006858185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d47709422f9c66d2022-01-05 09:18:32.710root 11241100x80000000000000006858186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d53a20aa377e1162022-01-05 09:18:32.710root 11241100x80000000000000006858187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b939f8546e3ea6af2022-01-05 09:18:32.710root 11241100x80000000000000006858188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a511a6562d879a52022-01-05 09:18:32.710root 11241100x80000000000000006858189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f770534ba5c031992022-01-05 09:18:32.710root 11241100x80000000000000006858190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352279dd106dc3362022-01-05 09:18:32.710root 11241100x80000000000000006858191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31342466b0cd0b0f2022-01-05 09:18:32.710root 11241100x80000000000000006858192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f4b3c55d4f72f82022-01-05 09:18:32.710root 11241100x80000000000000006858193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07872be12817d3692022-01-05 09:18:32.711root 11241100x80000000000000006858194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfc6a358a4847c72022-01-05 09:18:32.711root 11241100x80000000000000006858195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955b409fb2077f262022-01-05 09:18:32.711root 11241100x80000000000000006858196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d559302c5f28552022-01-05 09:18:32.711root 11241100x80000000000000006858197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a693abe3c723f072022-01-05 09:18:32.711root 11241100x80000000000000006858198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f163920bedbcac2022-01-05 09:18:32.711root 11241100x80000000000000006858199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef662d7b8afe76672022-01-05 09:18:32.711root 11241100x80000000000000006858200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3dbedb0f4a29672022-01-05 09:18:32.711root 11241100x80000000000000006858201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e73842f1e9b0a912022-01-05 09:18:32.712root 11241100x80000000000000006858202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e0210a0d1aea042022-01-05 09:18:32.712root 11241100x80000000000000006858203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60dc6a91e739b9c02022-01-05 09:18:32.712root 11241100x80000000000000006858204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9800e17e5697462022-01-05 09:18:32.712root 11241100x80000000000000006858205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b0c5221808af562022-01-05 09:18:32.712root 11241100x80000000000000006858206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65011a698e5600382022-01-05 09:18:32.712root 354300x80000000000000006858207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.052{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40652-false10.0.1.12-8000- 11241100x80000000000000006858208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.052{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61315fbf898e12c02022-01-05 09:18:33.052root 11241100x80000000000000006858209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.052{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a9d2085a524b092022-01-05 09:18:33.052root 11241100x80000000000000006858210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.053{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c193413982571e02022-01-05 09:18:33.053root 11241100x80000000000000006858211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.053{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf428519290313652022-01-05 09:18:33.053root 11241100x80000000000000006858212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.053{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbab6e017e3f8e152022-01-05 09:18:33.053root 11241100x80000000000000006858213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.053{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc99082f483f753c2022-01-05 09:18:33.053root 11241100x80000000000000006858214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.053{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02120a913573dbe72022-01-05 09:18:33.053root 11241100x80000000000000006858215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.053{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090a3a4e7f6e27ae2022-01-05 09:18:33.053root 11241100x80000000000000006858216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.053{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a11eb429cbcfe7e2022-01-05 09:18:33.053root 11241100x80000000000000006858217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.053{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d26de46f1157602022-01-05 09:18:33.053root 11241100x80000000000000006858218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1acd6e36041eac2022-01-05 09:18:33.054root 11241100x80000000000000006858219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee5be8bee1f00ea2022-01-05 09:18:33.054root 11241100x80000000000000006858220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f8b1ef9186fff22022-01-05 09:18:33.054root 11241100x80000000000000006858221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d8d42e08868ffe2022-01-05 09:18:33.054root 11241100x80000000000000006858222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba18ad4f59c1f522022-01-05 09:18:33.054root 11241100x80000000000000006858223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a8ad4c3374f8e42022-01-05 09:18:33.054root 11241100x80000000000000006858224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0a302ac9166e662022-01-05 09:18:33.054root 11241100x80000000000000006858225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f065a52539b5f92022-01-05 09:18:33.054root 11241100x80000000000000006858226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40cdb1d1c52e9372022-01-05 09:18:33.054root 11241100x80000000000000006858227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474de3cc45f4443f2022-01-05 09:18:33.054root 11241100x80000000000000006858228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fff7e0458d862342022-01-05 09:18:33.055root 11241100x80000000000000006858229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4482bf9e39c90152022-01-05 09:18:33.055root 11241100x80000000000000006858230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156ee7f0ee82cfe32022-01-05 09:18:33.055root 11241100x80000000000000006858231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf984e076e46c7e2022-01-05 09:18:33.055root 11241100x80000000000000006858232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9831424e8d2bf5e12022-01-05 09:18:33.055root 11241100x80000000000000006858233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad57d69410c3d1a92022-01-05 09:18:33.055root 11241100x80000000000000006858234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7687fdb7f6940592022-01-05 09:18:33.055root 11241100x80000000000000006858235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fc607139a775c82022-01-05 09:18:33.055root 11241100x80000000000000006858236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b458818ce6bd3d32022-01-05 09:18:33.055root 11241100x80000000000000006858237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.056{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952c19db2ef2bf932022-01-05 09:18:33.056root 11241100x80000000000000006858238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.056{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231ddb18b29e4b492022-01-05 09:18:33.056root 11241100x80000000000000006858239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.056{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90835627bc099f7d2022-01-05 09:18:33.056root 11241100x80000000000000006858240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.056{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4fdc0f7c0462c32022-01-05 09:18:33.056root 11241100x80000000000000006858241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.058{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4b081334b1558a2022-01-05 09:18:33.058root 11241100x80000000000000006858242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.058{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172ecee5250cf1372022-01-05 09:18:33.058root 11241100x80000000000000006858243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.058{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd6ec5c41a300d32022-01-05 09:18:33.058root 354300x80000000000000006858244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.427{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-41134-false10.0.1.12-8089- 11241100x80000000000000006858245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.428{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295da6b7f84719ed2022-01-05 09:18:33.428root 11241100x80000000000000006858246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.428{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5989c0de6068cbe2022-01-05 09:18:33.428root 11241100x80000000000000006858247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.428{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56df3dcef73dd5c92022-01-05 09:18:33.428root 11241100x80000000000000006858248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.428{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965d9921e3c1182e2022-01-05 09:18:33.428root 11241100x80000000000000006858249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.428{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4350577dda4fb82022-01-05 09:18:33.428root 11241100x80000000000000006858250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.429{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ea3e45307a1bbe2022-01-05 09:18:33.429root 11241100x80000000000000006858251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.429{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b7b3e580a13af02022-01-05 09:18:33.429root 11241100x80000000000000006858252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.429{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae08c23e5a89c9d2022-01-05 09:18:33.429root 11241100x80000000000000006858253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.430{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c154c086e2780b412022-01-05 09:18:33.430root 11241100x80000000000000006858254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.430{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662f68a2d951b6e22022-01-05 09:18:33.430root 11241100x80000000000000006858255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.430{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff686e35161da892022-01-05 09:18:33.430root 11241100x80000000000000006858256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.430{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a46721683dbe5222022-01-05 09:18:33.430root 11241100x80000000000000006858257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.430{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f63d77f3d0499582022-01-05 09:18:33.430root 11241100x80000000000000006858258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.430{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f672911f8dc71bb62022-01-05 09:18:33.430root 11241100x80000000000000006858259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.431{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcde0287d6ce3f82022-01-05 09:18:33.431root 11241100x80000000000000006858260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.431{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd209e1a2df1d682022-01-05 09:18:33.431root 11241100x80000000000000006858261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.431{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faac2c1c387847162022-01-05 09:18:33.431root 11241100x80000000000000006858262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.431{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00a2306c6f429c12022-01-05 09:18:33.431root 11241100x80000000000000006858263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.432{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b67292e729cc0122022-01-05 09:18:33.432root 11241100x80000000000000006858264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.432{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c2f8cc987c99c92022-01-05 09:18:33.432root 11241100x80000000000000006858265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.432{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d48067cbd4b9a8c2022-01-05 09:18:33.432root 11241100x80000000000000006858266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.433{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e347ec38e235f8572022-01-05 09:18:33.433root 11241100x80000000000000006858267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.433{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616b21089497f8082022-01-05 09:18:33.433root 11241100x80000000000000006858268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.433{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d654d70cc6c24aa72022-01-05 09:18:33.433root 11241100x80000000000000006858269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.433{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966430d722629a3d2022-01-05 09:18:33.433root 11241100x80000000000000006858270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.433{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c54c3a1cd597e82022-01-05 09:18:33.433root 11241100x80000000000000006858271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.433{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9013c0465dd0f5572022-01-05 09:18:33.433root 11241100x80000000000000006858272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.433{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb9c4eca4825c302022-01-05 09:18:33.433root 11241100x80000000000000006858273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.433{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b543548ab8cd33a2022-01-05 09:18:33.433root 11241100x80000000000000006858274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b555db5a72955f092022-01-05 09:18:33.710root 11241100x80000000000000006858275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e3387295db25e12022-01-05 09:18:33.710root 11241100x80000000000000006858276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43fbc65377290912022-01-05 09:18:33.710root 11241100x80000000000000006858277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390f86da23e619a52022-01-05 09:18:33.710root 11241100x80000000000000006858278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa808ced1926ecf2022-01-05 09:18:33.710root 11241100x80000000000000006858279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e6f493a3dfcc892022-01-05 09:18:33.710root 11241100x80000000000000006858280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecc0e86e4aefb4a2022-01-05 09:18:33.710root 11241100x80000000000000006858281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acbfc4cf00670a42022-01-05 09:18:33.710root 11241100x80000000000000006858282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598f85b882ee83152022-01-05 09:18:33.711root 11241100x80000000000000006858283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4b9c13ad1a85bb2022-01-05 09:18:33.711root 11241100x80000000000000006858284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d42111d507362b2022-01-05 09:18:33.711root 11241100x80000000000000006858285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7d9a03bc51f59f2022-01-05 09:18:33.711root 11241100x80000000000000006858286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621c804162bef60f2022-01-05 09:18:33.711root 11241100x80000000000000006858287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2790f7a48328be2022-01-05 09:18:33.711root 11241100x80000000000000006858288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c960dcee71d83e2022-01-05 09:18:33.711root 11241100x80000000000000006858289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e42729bd2d6bbbf2022-01-05 09:18:33.711root 11241100x80000000000000006858290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018575a9c2acf3cd2022-01-05 09:18:33.711root 11241100x80000000000000006858291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20177385bd6a54df2022-01-05 09:18:33.711root 11241100x80000000000000006858292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3974ff82b3af32ea2022-01-05 09:18:33.711root 11241100x80000000000000006858293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb6f29cbba27e8f2022-01-05 09:18:33.711root 11241100x80000000000000006858294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00880678303bdd0b2022-01-05 09:18:33.711root 11241100x80000000000000006858295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af1b0e70d5b92e02022-01-05 09:18:33.712root 11241100x80000000000000006858296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296d4f34b99fd5e92022-01-05 09:18:33.712root 11241100x80000000000000006858297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25687b563eeb29862022-01-05 09:18:33.712root 11241100x80000000000000006858298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f19aa1e81c9fc5b2022-01-05 09:18:34.210root 11241100x80000000000000006858299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493b38c491eee9e12022-01-05 09:18:34.210root 11241100x80000000000000006858300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b16c24ed64e08c2022-01-05 09:18:34.210root 11241100x80000000000000006858301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c980390e09fdd22022-01-05 09:18:34.210root 11241100x80000000000000006858302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d31268f17b23152022-01-05 09:18:34.210root 11241100x80000000000000006858303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5b2b53d85859962022-01-05 09:18:34.210root 11241100x80000000000000006858304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c80751c3b7b40e52022-01-05 09:18:34.211root 11241100x80000000000000006858305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305a50499c52a4e42022-01-05 09:18:34.211root 11241100x80000000000000006858306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f17df351f8f8f92022-01-05 09:18:34.211root 11241100x80000000000000006858307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7a8c930bb595e02022-01-05 09:18:34.211root 11241100x80000000000000006858308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24910e29c7ab2a452022-01-05 09:18:34.211root 11241100x80000000000000006858309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caecded4964af13f2022-01-05 09:18:34.212root 11241100x80000000000000006858310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13134d37050eb3872022-01-05 09:18:34.212root 11241100x80000000000000006858311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cae8c38768224842022-01-05 09:18:34.212root 11241100x80000000000000006858312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a8316d817292a72022-01-05 09:18:34.212root 11241100x80000000000000006858313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554c3be695d0c10c2022-01-05 09:18:34.212root 11241100x80000000000000006858314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1edd4ed145482752022-01-05 09:18:34.213root 11241100x80000000000000006858315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5199356dc11b232022-01-05 09:18:34.213root 11241100x80000000000000006858316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c60b92425dd0c02022-01-05 09:18:34.213root 11241100x80000000000000006858317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50827f1d8d12e14e2022-01-05 09:18:34.213root 11241100x80000000000000006858318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdefbb6f35832c1b2022-01-05 09:18:34.213root 11241100x80000000000000006858319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c64c667520312a02022-01-05 09:18:34.213root 11241100x80000000000000006858320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4338d09ed8b2c4322022-01-05 09:18:34.214root 11241100x80000000000000006858321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1a1a0cd4532e502022-01-05 09:18:34.214root 11241100x80000000000000006858322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b781be76ef624f32022-01-05 09:18:34.710root 11241100x80000000000000006858323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ec0808d9934e8a2022-01-05 09:18:34.710root 11241100x80000000000000006858324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e8be0b4449aa702022-01-05 09:18:34.710root 11241100x80000000000000006858325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f6d7e5ec20ffb92022-01-05 09:18:34.710root 11241100x80000000000000006858326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac5af4b45a73b4c2022-01-05 09:18:34.710root 11241100x80000000000000006858327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0aa20d87193f3232022-01-05 09:18:34.711root 11241100x80000000000000006858328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02c59f7a9ea09ae2022-01-05 09:18:34.711root 11241100x80000000000000006858329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1d13699ad92bcb2022-01-05 09:18:34.711root 11241100x80000000000000006858330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d073e318d664f0412022-01-05 09:18:34.712root 11241100x80000000000000006858331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6abaa938128509b2022-01-05 09:18:34.712root 11241100x80000000000000006858332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2661ca5c67a3443c2022-01-05 09:18:34.712root 11241100x80000000000000006858333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc26ebe818a681b22022-01-05 09:18:34.712root 11241100x80000000000000006858334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e4745aa38a3ada2022-01-05 09:18:34.712root 11241100x80000000000000006858335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543ef6f78d6265cd2022-01-05 09:18:34.712root 11241100x80000000000000006858336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51099db6c0c33cc62022-01-05 09:18:34.712root 11241100x80000000000000006858337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3799fb2645054a2022-01-05 09:18:34.712root 11241100x80000000000000006858338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca9e31c306274892022-01-05 09:18:34.712root 11241100x80000000000000006858339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67477b160cae97b2022-01-05 09:18:34.713root 11241100x80000000000000006858340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21261993bff939a92022-01-05 09:18:34.713root 11241100x80000000000000006858341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52f7f6f395bb3bf2022-01-05 09:18:34.713root 11241100x80000000000000006858342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc7e76fa11ea4202022-01-05 09:18:34.713root 11241100x80000000000000006858343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6ab5acb00261162022-01-05 09:18:34.713root 11241100x80000000000000006858344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081285e915858b462022-01-05 09:18:34.713root 11241100x80000000000000006858345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718743a4f6f003bb2022-01-05 09:18:34.713root 11241100x80000000000000006858346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a168316209128fc92022-01-05 09:18:35.210root 11241100x80000000000000006858347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b674603cd81b5d2022-01-05 09:18:35.210root 11241100x80000000000000006858348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42501f24709481462022-01-05 09:18:35.210root 11241100x80000000000000006858349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451cf4e04e7a50a12022-01-05 09:18:35.210root 11241100x80000000000000006858350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb4d67db04b60e22022-01-05 09:18:35.210root 11241100x80000000000000006858351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94dafd79b8adcc72022-01-05 09:18:35.210root 11241100x80000000000000006858352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef77a4ebf3ddcde2022-01-05 09:18:35.210root 11241100x80000000000000006858353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c921d0f6873208972022-01-05 09:18:35.210root 11241100x80000000000000006858354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f554aece3499492022-01-05 09:18:35.210root 11241100x80000000000000006858355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1139917e377ab8652022-01-05 09:18:35.211root 11241100x80000000000000006858356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526bc894784f5c4e2022-01-05 09:18:35.211root 11241100x80000000000000006858357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4f6aa86cf3ba632022-01-05 09:18:35.211root 11241100x80000000000000006858358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90287b774fe0c12a2022-01-05 09:18:35.211root 11241100x80000000000000006858359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a1ef121094f6692022-01-05 09:18:35.211root 11241100x80000000000000006858360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6589985e3bcf43de2022-01-05 09:18:35.211root 11241100x80000000000000006858361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79eb4bd33d52c6122022-01-05 09:18:35.211root 11241100x80000000000000006858362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977f546cf7fc3b682022-01-05 09:18:35.211root 11241100x80000000000000006858363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1358e039f60dc6b22022-01-05 09:18:35.211root 11241100x80000000000000006858364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6adf8230d3ec5bc2022-01-05 09:18:35.211root 11241100x80000000000000006858365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590e1924c353a5082022-01-05 09:18:35.211root 11241100x80000000000000006858366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e53829d1525e382022-01-05 09:18:35.212root 11241100x80000000000000006858367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56034e9d190c04ed2022-01-05 09:18:35.212root 11241100x80000000000000006858368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f50ce41fd490b622022-01-05 09:18:35.212root 11241100x80000000000000006858369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d11ab971e28a67c2022-01-05 09:18:35.212root 11241100x80000000000000006858370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c186e8c1daf961272022-01-05 09:18:35.710root 11241100x80000000000000006858371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196d8e30d5c75a442022-01-05 09:18:35.710root 11241100x80000000000000006858372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700d69aae701993f2022-01-05 09:18:35.710root 11241100x80000000000000006858373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3f02450615fa9e2022-01-05 09:18:35.710root 11241100x80000000000000006858374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8398a49b5bbf16bf2022-01-05 09:18:35.710root 11241100x80000000000000006858375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4608b6ffc7c9b7a82022-01-05 09:18:35.710root 11241100x80000000000000006858376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0e12ca5f5bf3c02022-01-05 09:18:35.710root 11241100x80000000000000006858377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2dd8179febf6082022-01-05 09:18:35.710root 11241100x80000000000000006858378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fa5576b8d9918f2022-01-05 09:18:35.711root 11241100x80000000000000006858379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0870cda349e45a2022-01-05 09:18:35.711root 11241100x80000000000000006858380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c06731ed2d7e0682022-01-05 09:18:35.711root 11241100x80000000000000006858381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dadcec55cc02f92022-01-05 09:18:35.711root 11241100x80000000000000006858382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b27d1762e421c8f2022-01-05 09:18:35.711root 11241100x80000000000000006858383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc50f6c3ba8f029d2022-01-05 09:18:35.711root 11241100x80000000000000006858384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732ca55f5f371dd92022-01-05 09:18:35.711root 11241100x80000000000000006858385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b02d4e8aee5fe32022-01-05 09:18:35.711root 11241100x80000000000000006858386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf2a3dbc933154a2022-01-05 09:18:35.711root 11241100x80000000000000006858387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0ad698c6eee56b2022-01-05 09:18:35.711root 11241100x80000000000000006858388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b68fded4a839a052022-01-05 09:18:35.712root 11241100x80000000000000006858389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15df07057ca7db712022-01-05 09:18:35.712root 11241100x80000000000000006858390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864d03a1d583864e2022-01-05 09:18:35.712root 11241100x80000000000000006858391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e52bf77bafd72da2022-01-05 09:18:35.712root 11241100x80000000000000006858392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d54b384ba038ad2022-01-05 09:18:35.712root 11241100x80000000000000006858393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168b228487228c9e2022-01-05 09:18:35.712root 11241100x80000000000000006858394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb82ec86c253493a2022-01-05 09:18:36.210root 11241100x80000000000000006858395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf15874571217e292022-01-05 09:18:36.210root 11241100x80000000000000006858396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75de44b0c366941f2022-01-05 09:18:36.210root 11241100x80000000000000006858397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7000ff2a4f1fde82022-01-05 09:18:36.210root 11241100x80000000000000006858398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97543d52f28924e02022-01-05 09:18:36.210root 11241100x80000000000000006858399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4f867c51fe90eb2022-01-05 09:18:36.210root 11241100x80000000000000006858400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5012ea47bb53858b2022-01-05 09:18:36.210root 11241100x80000000000000006858401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd4b9e40235d1562022-01-05 09:18:36.210root 11241100x80000000000000006858402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e738d6c217fd77f2022-01-05 09:18:36.211root 11241100x80000000000000006858403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46775f98b06f1d512022-01-05 09:18:36.211root 11241100x80000000000000006858404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96555733a35572272022-01-05 09:18:36.211root 11241100x80000000000000006858405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7a2c7f9ef03ce82022-01-05 09:18:36.211root 11241100x80000000000000006858406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25afbfdfdba8a4ce2022-01-05 09:18:36.211root 11241100x80000000000000006858407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7825fb4a73531182022-01-05 09:18:36.211root 11241100x80000000000000006858408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177f5a2ad016ac662022-01-05 09:18:36.211root 11241100x80000000000000006858409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b9a7c92190bddd2022-01-05 09:18:36.211root 11241100x80000000000000006858410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e7c54486c9db722022-01-05 09:18:36.211root 11241100x80000000000000006858411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27e675bc48b7cb72022-01-05 09:18:36.211root 11241100x80000000000000006858412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c584236e7e73f1ba2022-01-05 09:18:36.212root 11241100x80000000000000006858413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9522e1e60f3e15152022-01-05 09:18:36.212root 11241100x80000000000000006858414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cd11bf67ce6f662022-01-05 09:18:36.212root 11241100x80000000000000006858415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62cf4686ca11a142022-01-05 09:18:36.212root 11241100x80000000000000006858416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96881b23a46b02272022-01-05 09:18:36.212root 11241100x80000000000000006858417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbc097e2fc0a3d12022-01-05 09:18:36.212root 11241100x80000000000000006858418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d3998e6c8348762022-01-05 09:18:36.710root 11241100x80000000000000006858419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934f46c0d77fb44f2022-01-05 09:18:36.710root 11241100x80000000000000006858420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbda4901c78b626a2022-01-05 09:18:36.710root 11241100x80000000000000006858421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f57214f9277b24e2022-01-05 09:18:36.710root 11241100x80000000000000006858422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c26c9ca479f20522022-01-05 09:18:36.710root 11241100x80000000000000006858423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21848ec74887f8ff2022-01-05 09:18:36.710root 11241100x80000000000000006858424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ea3789418c56962022-01-05 09:18:36.710root 11241100x80000000000000006858425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69db8f91673a0b0b2022-01-05 09:18:36.711root 11241100x80000000000000006858426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d7ec8b7bdfb1052022-01-05 09:18:36.711root 11241100x80000000000000006858427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9917b4c31914ef242022-01-05 09:18:36.711root 11241100x80000000000000006858428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38868340a0c83c062022-01-05 09:18:36.711root 11241100x80000000000000006858429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b27ba3c635b7e1f2022-01-05 09:18:36.711root 11241100x80000000000000006858430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9151778654c0e92022-01-05 09:18:36.711root 11241100x80000000000000006858431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65bd291a4794fd92022-01-05 09:18:36.711root 11241100x80000000000000006858432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724779f3353045fb2022-01-05 09:18:36.711root 11241100x80000000000000006858433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3948761a9daa4f12022-01-05 09:18:36.711root 11241100x80000000000000006858434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0e7611098a64aa2022-01-05 09:18:36.711root 11241100x80000000000000006858435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64231474ce75b53c2022-01-05 09:18:36.712root 11241100x80000000000000006858436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092c9972f5f7c8932022-01-05 09:18:36.712root 11241100x80000000000000006858437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ddd779b7d15a332022-01-05 09:18:36.712root 11241100x80000000000000006858438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88397377dd85dec2022-01-05 09:18:36.712root 11241100x80000000000000006858439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34bacc291ba0ad512022-01-05 09:18:36.712root 11241100x80000000000000006858440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa22f42fab8c7c042022-01-05 09:18:36.712root 11241100x80000000000000006858441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c1a87c8a11ad152022-01-05 09:18:36.712root 11241100x80000000000000006858442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e3f0242866ae372022-01-05 09:18:37.210root 11241100x80000000000000006858443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4af4dd0c4031a532022-01-05 09:18:37.210root 11241100x80000000000000006858444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a67e39a83a933212022-01-05 09:18:37.210root 11241100x80000000000000006858445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2e5bab4ef6115a2022-01-05 09:18:37.210root 11241100x80000000000000006858446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1baf3a34666916282022-01-05 09:18:37.210root 11241100x80000000000000006858447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df8854b258cb6c32022-01-05 09:18:37.210root 11241100x80000000000000006858448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85aace4a65b04f82022-01-05 09:18:37.210root 11241100x80000000000000006858449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79368ee0c37b170c2022-01-05 09:18:37.210root 11241100x80000000000000006858450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963bfaf068c27efb2022-01-05 09:18:37.211root 11241100x80000000000000006858451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ce0bf2a943694a2022-01-05 09:18:37.211root 11241100x80000000000000006858452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439518ed5a1014002022-01-05 09:18:37.211root 11241100x80000000000000006858453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf889b05193a26b2022-01-05 09:18:37.211root 11241100x80000000000000006858454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42fc26586b0fdb5e2022-01-05 09:18:37.211root 11241100x80000000000000006858455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85a20b9682078f82022-01-05 09:18:37.211root 11241100x80000000000000006858456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b3b20cdcd23c112022-01-05 09:18:37.211root 11241100x80000000000000006858457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e31c702786725672022-01-05 09:18:37.211root 11241100x80000000000000006858458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96ca64fc16862782022-01-05 09:18:37.211root 11241100x80000000000000006858459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77479353ad805d12022-01-05 09:18:37.211root 11241100x80000000000000006858460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7817f7583864dc832022-01-05 09:18:37.212root 11241100x80000000000000006858461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34449e4039cf463d2022-01-05 09:18:37.212root 11241100x80000000000000006858462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9bd98639f10ea22022-01-05 09:18:37.212root 11241100x80000000000000006858463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c08e62b8f182a5d2022-01-05 09:18:37.212root 11241100x80000000000000006858464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8a1fe9cbb25abc2022-01-05 09:18:37.212root 11241100x80000000000000006858465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65934398184242082022-01-05 09:18:37.212root 11241100x80000000000000006858466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff858a23a87ec192022-01-05 09:18:37.710root 11241100x80000000000000006858467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd6336b34d428162022-01-05 09:18:37.710root 11241100x80000000000000006858468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaba588549febb852022-01-05 09:18:37.710root 11241100x80000000000000006858469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54562907e4eb0fb32022-01-05 09:18:37.710root 11241100x80000000000000006858470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20668d538f4ec6f02022-01-05 09:18:37.710root 11241100x80000000000000006858471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2d39d68ce8d98b2022-01-05 09:18:37.710root 11241100x80000000000000006858472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937fdf1bcb4ef5ac2022-01-05 09:18:37.710root 11241100x80000000000000006858473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766893527eb90ee12022-01-05 09:18:37.710root 11241100x80000000000000006858474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb945dd641f003bc2022-01-05 09:18:37.711root 11241100x80000000000000006858475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98288381c7a4d6cd2022-01-05 09:18:37.711root 11241100x80000000000000006858476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493ea3ae58b78daf2022-01-05 09:18:37.711root 11241100x80000000000000006858477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9998d0e257d285a2022-01-05 09:18:37.711root 11241100x80000000000000006858478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872f045b6690b87c2022-01-05 09:18:37.711root 11241100x80000000000000006858479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9513a5d13a69a4e2022-01-05 09:18:37.711root 11241100x80000000000000006858480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c04fb731a366bbb2022-01-05 09:18:37.711root 11241100x80000000000000006858481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783d284fd820b89f2022-01-05 09:18:37.711root 11241100x80000000000000006858482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce274e529c7e0eb2022-01-05 09:18:37.711root 11241100x80000000000000006858483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d766d677559e1ed2022-01-05 09:18:37.711root 11241100x80000000000000006858484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73dc7d39563e69a2022-01-05 09:18:37.711root 11241100x80000000000000006858485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da8d1edd11f2b422022-01-05 09:18:37.711root 11241100x80000000000000006858486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a22d0afd978be92022-01-05 09:18:37.712root 11241100x80000000000000006858487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ef51e0a9a3d08a2022-01-05 09:18:37.712root 11241100x80000000000000006858488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfcd50069a89ed52022-01-05 09:18:37.712root 11241100x80000000000000006858489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2637211c4cecbae72022-01-05 09:18:37.712root 11241100x80000000000000006858490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894aca87d4cd5b7a2022-01-05 09:18:38.210root 11241100x80000000000000006858491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81b5a5ea675c9152022-01-05 09:18:38.210root 11241100x80000000000000006858492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2d0f798aecabc92022-01-05 09:18:38.210root 11241100x80000000000000006858493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c7f2f3e72963d52022-01-05 09:18:38.211root 11241100x80000000000000006858494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e539b1dd2f536e622022-01-05 09:18:38.211root 11241100x80000000000000006858495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bad310545de3372022-01-05 09:18:38.211root 11241100x80000000000000006858496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74df926c726a895d2022-01-05 09:18:38.211root 11241100x80000000000000006858497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79b6e591b5fbec52022-01-05 09:18:38.211root 11241100x80000000000000006858498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ecf2fd157252862022-01-05 09:18:38.211root 11241100x80000000000000006858499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85e467a9d1ad30d2022-01-05 09:18:38.211root 11241100x80000000000000006858500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9f65f69cf04d782022-01-05 09:18:38.211root 11241100x80000000000000006858501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6dc7eef195516f12022-01-05 09:18:38.212root 11241100x80000000000000006858502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea31f1616406df3d2022-01-05 09:18:38.212root 11241100x80000000000000006858503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d103841cc30267dc2022-01-05 09:18:38.212root 11241100x80000000000000006858504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e98abafe151f9d42022-01-05 09:18:38.212root 11241100x80000000000000006858505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69ec98151c9ac102022-01-05 09:18:38.212root 11241100x80000000000000006858506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4fa177b35f9fa12022-01-05 09:18:38.212root 11241100x80000000000000006858507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d40845c7d683e252022-01-05 09:18:38.212root 11241100x80000000000000006858508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac47dda4cba511362022-01-05 09:18:38.212root 11241100x80000000000000006858509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2f1f45d34edef32022-01-05 09:18:38.212root 11241100x80000000000000006858510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76a8a918a10c1822022-01-05 09:18:38.213root 11241100x80000000000000006858511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8810cf3f452aad362022-01-05 09:18:38.213root 11241100x80000000000000006858512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce19de91c2d15212022-01-05 09:18:38.213root 11241100x80000000000000006858513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01df04cfe9d8ce732022-01-05 09:18:38.213root 354300x80000000000000006858514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.230{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40656-false10.0.1.12-8000- 11241100x80000000000000006858515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487a4c1d6e3d90d02022-01-05 09:18:38.710root 11241100x80000000000000006858516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276825ac63d3032f2022-01-05 09:18:38.710root 11241100x80000000000000006858517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4d4fedc050e7f82022-01-05 09:18:38.710root 11241100x80000000000000006858518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8434f4d751c19d2022-01-05 09:18:38.710root 11241100x80000000000000006858519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4f3f579413a31f2022-01-05 09:18:38.710root 11241100x80000000000000006858520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c9844e69de6cd22022-01-05 09:18:38.710root 11241100x80000000000000006858521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aeda3786a3bcd4d2022-01-05 09:18:38.710root 11241100x80000000000000006858522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefd9976a3ef69242022-01-05 09:18:38.711root 11241100x80000000000000006858523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd27c7ced9481eb62022-01-05 09:18:38.711root 11241100x80000000000000006858524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb66efa0365089422022-01-05 09:18:38.711root 11241100x80000000000000006858525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edb902328e5c89b2022-01-05 09:18:38.711root 11241100x80000000000000006858526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c047bf696629202a2022-01-05 09:18:38.711root 11241100x80000000000000006858527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd41eeae0dc999e2022-01-05 09:18:38.711root 11241100x80000000000000006858528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89a22cb57b905532022-01-05 09:18:38.711root 11241100x80000000000000006858529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747f6a066b95cb522022-01-05 09:18:38.711root 11241100x80000000000000006858530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3200c3edb66ed2512022-01-05 09:18:38.711root 11241100x80000000000000006858531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9aa7e9e1261cdd2022-01-05 09:18:38.711root 11241100x80000000000000006858532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7b55b72276d1f72022-01-05 09:18:38.712root 11241100x80000000000000006858533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e6dd35c37253012022-01-05 09:18:38.712root 11241100x80000000000000006858534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78652c9ddbdc21f72022-01-05 09:18:38.712root 11241100x80000000000000006858535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643c8208071ace052022-01-05 09:18:38.712root 11241100x80000000000000006858536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd16e7e55d443d32022-01-05 09:18:38.712root 11241100x80000000000000006858537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbf33d23260940d2022-01-05 09:18:38.712root 11241100x80000000000000006858538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97185f1d58f727852022-01-05 09:18:38.712root 11241100x80000000000000006858539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7acd4628b01bcb2022-01-05 09:18:38.712root 11241100x80000000000000006858540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44290cd8e24214cf2022-01-05 09:18:39.210root 11241100x80000000000000006858541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac5ae78d86f14fa2022-01-05 09:18:39.210root 11241100x80000000000000006858542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0cf9d6235d67bc2022-01-05 09:18:39.210root 11241100x80000000000000006858543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae20369a637b5152022-01-05 09:18:39.210root 11241100x80000000000000006858544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96942f05ca091482022-01-05 09:18:39.210root 11241100x80000000000000006858545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c56878cdbf081b2022-01-05 09:18:39.210root 11241100x80000000000000006858546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8209a41c76d7a5732022-01-05 09:18:39.211root 11241100x80000000000000006858547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c88627a428754de2022-01-05 09:18:39.211root 11241100x80000000000000006858548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63061dbbac104e82022-01-05 09:18:39.211root 11241100x80000000000000006858549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea6eb3199d944592022-01-05 09:18:39.211root 11241100x80000000000000006858550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9272d479dad4bd942022-01-05 09:18:39.211root 11241100x80000000000000006858551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a8bbe65661a9e02022-01-05 09:18:39.211root 11241100x80000000000000006858552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80190748bfb864332022-01-05 09:18:39.211root 11241100x80000000000000006858553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd0ffd865c7909b2022-01-05 09:18:39.212root 11241100x80000000000000006858554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9af3cdbfbe56342022-01-05 09:18:39.212root 11241100x80000000000000006858555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14fabc5ba646a1b2022-01-05 09:18:39.212root 11241100x80000000000000006858556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780a3a05d3d815c92022-01-05 09:18:39.212root 11241100x80000000000000006858557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04601f2ed5072def2022-01-05 09:18:39.212root 11241100x80000000000000006858558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca1e192af03d0952022-01-05 09:18:39.212root 11241100x80000000000000006858559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a28d646483f09c52022-01-05 09:18:39.212root 11241100x80000000000000006858560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8c4276144515032022-01-05 09:18:39.212root 11241100x80000000000000006858561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d769c5887ca3e612022-01-05 09:18:39.213root 11241100x80000000000000006858562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1449b4fd97a975802022-01-05 09:18:39.213root 11241100x80000000000000006858563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d808038eb0bdf05c2022-01-05 09:18:39.213root 11241100x80000000000000006858564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60914925332b07f02022-01-05 09:18:39.213root 11241100x80000000000000006858565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5763b2516192a5452022-01-05 09:18:39.710root 11241100x80000000000000006858566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804fa8450e51f4ef2022-01-05 09:18:39.710root 11241100x80000000000000006858567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c23077ddbbd95f2022-01-05 09:18:39.710root 11241100x80000000000000006858568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386f07e39ce58c582022-01-05 09:18:39.711root 11241100x80000000000000006858569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8295c51a4acee52e2022-01-05 09:18:39.711root 11241100x80000000000000006858570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94442cf0e1b27ade2022-01-05 09:18:39.711root 11241100x80000000000000006858571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d895c6af36edee32022-01-05 09:18:39.711root 11241100x80000000000000006858572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c44dce76723eef82022-01-05 09:18:39.711root 11241100x80000000000000006858573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651e03d1652615042022-01-05 09:18:39.711root 11241100x80000000000000006858574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e719e944cdd2c6d2022-01-05 09:18:39.711root 11241100x80000000000000006858575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e929631c3cc724f22022-01-05 09:18:39.712root 11241100x80000000000000006858576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e545462aefb8a702022-01-05 09:18:39.712root 11241100x80000000000000006858577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6861dde761b52f2022-01-05 09:18:39.712root 11241100x80000000000000006858578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923c8602b2cad73b2022-01-05 09:18:39.712root 11241100x80000000000000006858579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dfc074a40549542022-01-05 09:18:39.712root 11241100x80000000000000006858580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e90f897f7a8ced2022-01-05 09:18:39.712root 11241100x80000000000000006858581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88436c74259905502022-01-05 09:18:39.712root 11241100x80000000000000006858582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d82b47daaa689e2022-01-05 09:18:39.712root 11241100x80000000000000006858583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39d0d206cdd064f2022-01-05 09:18:39.712root 11241100x80000000000000006858584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06365e2dccfdf272022-01-05 09:18:39.713root 11241100x80000000000000006858585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a146c709b767822022-01-05 09:18:39.713root 11241100x80000000000000006858586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcd61574baa34ea2022-01-05 09:18:39.713root 11241100x80000000000000006858587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ca66065f1e4bb22022-01-05 09:18:39.713root 11241100x80000000000000006858588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb0472a3ffe07bf2022-01-05 09:18:39.713root 11241100x80000000000000006858589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b346cf33d83f172022-01-05 09:18:39.713root 11241100x80000000000000006858590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b3e298726286992022-01-05 09:18:40.210root 11241100x80000000000000006858591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dfdfda8fd6f7d82022-01-05 09:18:40.210root 11241100x80000000000000006858592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e80dac2fd9995692022-01-05 09:18:40.210root 11241100x80000000000000006858593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a6fa5bde5aed842022-01-05 09:18:40.210root 11241100x80000000000000006858594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a834d0312629d7c82022-01-05 09:18:40.210root 11241100x80000000000000006858595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e55d4a51067c0b2022-01-05 09:18:40.210root 11241100x80000000000000006858596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5298fbec8e299e2022-01-05 09:18:40.210root 11241100x80000000000000006858597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824f5b3354b7b39c2022-01-05 09:18:40.211root 11241100x80000000000000006858598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232f3d0919bf06a62022-01-05 09:18:40.211root 11241100x80000000000000006858599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7981e2a22698612022-01-05 09:18:40.211root 11241100x80000000000000006858600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0641ff94f8e694ce2022-01-05 09:18:40.211root 11241100x80000000000000006858601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fd9101e2ac67392022-01-05 09:18:40.211root 11241100x80000000000000006858602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d20b3f50a10bcb2022-01-05 09:18:40.211root 11241100x80000000000000006858603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f68c5fe009a42e32022-01-05 09:18:40.211root 11241100x80000000000000006858604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cc97152c4e03482022-01-05 09:18:40.211root 11241100x80000000000000006858605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd2c130490919d62022-01-05 09:18:40.211root 11241100x80000000000000006858606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3249aa5fb2a3adb52022-01-05 09:18:40.211root 11241100x80000000000000006858607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c488efa661f4ee232022-01-05 09:18:40.211root 11241100x80000000000000006858608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f60bfee23581e832022-01-05 09:18:40.211root 11241100x80000000000000006858609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29173987321ca672022-01-05 09:18:40.211root 11241100x80000000000000006858610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b66bc0f48a3bc62022-01-05 09:18:40.211root 11241100x80000000000000006858611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070377786d193e492022-01-05 09:18:40.212root 11241100x80000000000000006858612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c01864041dde152022-01-05 09:18:40.212root 11241100x80000000000000006858613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0567eba1419739f52022-01-05 09:18:40.212root 11241100x80000000000000006858614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd07e3fd24f7eae2022-01-05 09:18:40.212root 11241100x80000000000000006858615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea4af0ef23b54782022-01-05 09:18:40.710root 11241100x80000000000000006858616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e343d3ea2483ed2022-01-05 09:18:40.710root 11241100x80000000000000006858617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b219bf0b2c2d6cb52022-01-05 09:18:40.710root 11241100x80000000000000006858618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8563f4dab85a48a72022-01-05 09:18:40.710root 11241100x80000000000000006858619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd40ac1c380a7b112022-01-05 09:18:40.710root 11241100x80000000000000006858620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc1b2123a8862e02022-01-05 09:18:40.710root 11241100x80000000000000006858621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa4de846e12dea72022-01-05 09:18:40.711root 11241100x80000000000000006858622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8a0a95ccf8ed092022-01-05 09:18:40.711root 11241100x80000000000000006858623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94df8f530d9a30372022-01-05 09:18:40.711root 11241100x80000000000000006858624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e22e7996c712b92022-01-05 09:18:40.711root 11241100x80000000000000006858625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc6177384d5d3fa2022-01-05 09:18:40.711root 11241100x80000000000000006858626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f69516a9f003e832022-01-05 09:18:40.711root 11241100x80000000000000006858627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bceef2baec2cf62022-01-05 09:18:40.711root 11241100x80000000000000006858628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3896ada20615d9f72022-01-05 09:18:40.711root 11241100x80000000000000006858629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224658707bada19a2022-01-05 09:18:40.711root 11241100x80000000000000006858630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb54bb4760f79592022-01-05 09:18:40.711root 11241100x80000000000000006858631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0627b4102e569d8d2022-01-05 09:18:40.711root 11241100x80000000000000006858632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731ffc6355e2e0fd2022-01-05 09:18:40.711root 11241100x80000000000000006858633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b37b74b7a7643da2022-01-05 09:18:40.711root 11241100x80000000000000006858634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9774b6993ccbf1052022-01-05 09:18:40.712root 11241100x80000000000000006858635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecf95d59f202e332022-01-05 09:18:40.712root 11241100x80000000000000006858636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e46c5cff81e5b262022-01-05 09:18:40.712root 11241100x80000000000000006858637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9d7ba33620528e2022-01-05 09:18:40.712root 11241100x80000000000000006858638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf5330d24e06d7f2022-01-05 09:18:40.712root 11241100x80000000000000006858639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbdbff90816c9652022-01-05 09:18:40.712root 11241100x80000000000000006858640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628d56b7a98c14e72022-01-05 09:18:41.210root 11241100x80000000000000006858641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7bf035eb52d4452022-01-05 09:18:41.210root 11241100x80000000000000006858642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2147ba773b6928a2022-01-05 09:18:41.210root 11241100x80000000000000006858643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf4a9e6d59c6d8f2022-01-05 09:18:41.210root 11241100x80000000000000006858644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75425c7afc5853d2022-01-05 09:18:41.210root 11241100x80000000000000006858645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926a405663fe5fb92022-01-05 09:18:41.210root 11241100x80000000000000006858646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8e402aaf79ea3a2022-01-05 09:18:41.210root 11241100x80000000000000006858647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3abaf0a0b8f6bc2022-01-05 09:18:41.210root 11241100x80000000000000006858648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e1f5a0afd3807a2022-01-05 09:18:41.210root 11241100x80000000000000006858649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860277038b16db7b2022-01-05 09:18:41.211root 11241100x80000000000000006858650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffce78f739c92fe2022-01-05 09:18:41.211root 11241100x80000000000000006858651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12194826772fca612022-01-05 09:18:41.211root 11241100x80000000000000006858652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8beeca91faafaa622022-01-05 09:18:41.211root 11241100x80000000000000006858653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f04b446b890e762022-01-05 09:18:41.211root 11241100x80000000000000006858654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe3b4ffb199f6c12022-01-05 09:18:41.211root 11241100x80000000000000006858655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34272d25377c5f252022-01-05 09:18:41.211root 11241100x80000000000000006858656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07772e6041bd43ff2022-01-05 09:18:41.211root 11241100x80000000000000006858657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a95800fd4118f62022-01-05 09:18:41.211root 11241100x80000000000000006858658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade46a325675bf222022-01-05 09:18:41.211root 11241100x80000000000000006858659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac3ef13da5358c02022-01-05 09:18:41.212root 11241100x80000000000000006858660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a491f84b4fd007c2022-01-05 09:18:41.212root 11241100x80000000000000006858661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cbc0a95d5c50b02022-01-05 09:18:41.212root 11241100x80000000000000006858662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bb93509421edd72022-01-05 09:18:41.212root 11241100x80000000000000006858663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90e2193689d02402022-01-05 09:18:41.212root 11241100x80000000000000006858664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ba0fa6fd59a3cc2022-01-05 09:18:41.212root 11241100x80000000000000006858665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf64be8c0fd2fee2022-01-05 09:18:41.710root 11241100x80000000000000006858666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8142f78b0a52292022-01-05 09:18:41.710root 11241100x80000000000000006858667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bae92febb492da42022-01-05 09:18:41.710root 11241100x80000000000000006858668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7585f5885d75c12022-01-05 09:18:41.710root 11241100x80000000000000006858669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8c40af8bcc3a482022-01-05 09:18:41.710root 11241100x80000000000000006858670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc58a5cf7acd6d7e2022-01-05 09:18:41.710root 11241100x80000000000000006858671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ced9749323952f2022-01-05 09:18:41.710root 11241100x80000000000000006858672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599bdd30c370f7772022-01-05 09:18:41.710root 11241100x80000000000000006858673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0931d097da82ce2022-01-05 09:18:41.710root 11241100x80000000000000006858674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315dc46bed2595532022-01-05 09:18:41.711root 11241100x80000000000000006858675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd17e77c99e594d32022-01-05 09:18:41.711root 11241100x80000000000000006858676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca27f7a47d4b38052022-01-05 09:18:41.711root 11241100x80000000000000006858677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6295aeaed4be64322022-01-05 09:18:41.711root 11241100x80000000000000006858678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62255a1b5bbe6b032022-01-05 09:18:41.711root 11241100x80000000000000006858679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4a18caccf671de2022-01-05 09:18:41.711root 11241100x80000000000000006858680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126fac73898234442022-01-05 09:18:41.711root 11241100x80000000000000006858681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ffcd11bcfdf8502022-01-05 09:18:41.711root 11241100x80000000000000006858682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c189e91db77d98e2022-01-05 09:18:41.711root 11241100x80000000000000006858683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0290ea731be942f2022-01-05 09:18:41.711root 11241100x80000000000000006858684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7924becfc90fe45e2022-01-05 09:18:41.711root 11241100x80000000000000006858685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2c715e9b36cf0a2022-01-05 09:18:41.712root 11241100x80000000000000006858686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293cd89a69c102be2022-01-05 09:18:41.712root 11241100x80000000000000006858687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27015d37e4fd1da2022-01-05 09:18:41.712root 11241100x80000000000000006858688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03833be741f82c402022-01-05 09:18:41.712root 11241100x80000000000000006858689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce5d4e5a21b7d0f2022-01-05 09:18:41.712root 11241100x80000000000000006858690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a26f9946f1278d2022-01-05 09:18:42.210root 11241100x80000000000000006858691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170033266b1b6cab2022-01-05 09:18:42.210root 11241100x80000000000000006858692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b6f2ef21a4a3962022-01-05 09:18:42.210root 11241100x80000000000000006858693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2660fe5cfba054d2022-01-05 09:18:42.210root 11241100x80000000000000006858694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5065a74e4f41b6122022-01-05 09:18:42.210root 11241100x80000000000000006858695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d87db835c165002022-01-05 09:18:42.210root 11241100x80000000000000006858696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15266d1f4a12b122022-01-05 09:18:42.210root 11241100x80000000000000006858697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85222321e354e5b22022-01-05 09:18:42.210root 11241100x80000000000000006858698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521d9e3582e60e362022-01-05 09:18:42.211root 11241100x80000000000000006858699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d397290504d18f2f2022-01-05 09:18:42.211root 11241100x80000000000000006858700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c116594b9295d522022-01-05 09:18:42.211root 11241100x80000000000000006858701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4967845eb0c3a342022-01-05 09:18:42.211root 11241100x80000000000000006858702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269498533d43a4282022-01-05 09:18:42.211root 11241100x80000000000000006858703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843c941ba7db86142022-01-05 09:18:42.211root 11241100x80000000000000006858704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34225ed1ab48c4172022-01-05 09:18:42.211root 11241100x80000000000000006858705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c07e1fbfe1fb2192022-01-05 09:18:42.211root 11241100x80000000000000006858706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ed0fbbc9c68e7c2022-01-05 09:18:42.211root 11241100x80000000000000006858707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c5319ecd9abcc12022-01-05 09:18:42.211root 11241100x80000000000000006858708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4895eb978706f1602022-01-05 09:18:42.212root 11241100x80000000000000006858709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10b1ed008924b622022-01-05 09:18:42.212root 11241100x80000000000000006858710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232be98f2d09ff1b2022-01-05 09:18:42.212root 11241100x80000000000000006858711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a802263a4099b0062022-01-05 09:18:42.212root 11241100x80000000000000006858712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8642d15c9e953f2022-01-05 09:18:42.212root 11241100x80000000000000006858713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456898ac638c2eff2022-01-05 09:18:42.212root 11241100x80000000000000006858714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5c39993418e8362022-01-05 09:18:42.212root 11241100x80000000000000006858715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73517eb3ff124d282022-01-05 09:18:42.710root 11241100x80000000000000006858716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d68195d631bc9df2022-01-05 09:18:42.710root 11241100x80000000000000006858717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d29c62104cfde12022-01-05 09:18:42.710root 11241100x80000000000000006858718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26abbf4a01a3ff112022-01-05 09:18:42.710root 11241100x80000000000000006858719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da326422e5790b42022-01-05 09:18:42.710root 11241100x80000000000000006858720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c1b285b9dde4812022-01-05 09:18:42.710root 11241100x80000000000000006858721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6b8713780f2b452022-01-05 09:18:42.710root 11241100x80000000000000006858722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ea7502609790b02022-01-05 09:18:42.710root 11241100x80000000000000006858723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18e66e26bcea9912022-01-05 09:18:42.710root 11241100x80000000000000006858724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4731bb5dfa6e5be02022-01-05 09:18:42.710root 11241100x80000000000000006858725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd653871cd1abb002022-01-05 09:18:42.711root 11241100x80000000000000006858726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b704b0c29defe002022-01-05 09:18:42.711root 11241100x80000000000000006858727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2593b58ed4fe3c2022-01-05 09:18:42.711root 11241100x80000000000000006858728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5791c5793c53442022-01-05 09:18:42.711root 11241100x80000000000000006858729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b03340a368c403c2022-01-05 09:18:42.711root 11241100x80000000000000006858730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e0799810f53c1e2022-01-05 09:18:42.711root 11241100x80000000000000006858731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07855c18ec32508f2022-01-05 09:18:42.711root 11241100x80000000000000006858732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e6d7d1b420ff892022-01-05 09:18:42.711root 11241100x80000000000000006858733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3dd44848b324292022-01-05 09:18:42.711root 11241100x80000000000000006858734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba396b528c6065ea2022-01-05 09:18:42.711root 11241100x80000000000000006858735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0b3a19852aaf112022-01-05 09:18:42.711root 11241100x80000000000000006858736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668035f8244f450e2022-01-05 09:18:42.711root 11241100x80000000000000006858737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e437421fb832a52022-01-05 09:18:42.711root 11241100x80000000000000006858738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1605bc8b462f13262022-01-05 09:18:42.711root 11241100x80000000000000006858739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de40ffded6fd1acb2022-01-05 09:18:42.711root 11241100x80000000000000006858740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dac93b59df324062022-01-05 09:18:43.210root 11241100x80000000000000006858741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc524c729fe2cab2022-01-05 09:18:43.210root 11241100x80000000000000006858742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52106944f3528ec32022-01-05 09:18:43.210root 11241100x80000000000000006858743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238d0844291724b92022-01-05 09:18:43.210root 11241100x80000000000000006858744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c173df7323d4c6432022-01-05 09:18:43.210root 11241100x80000000000000006858745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e207ac231e5b43392022-01-05 09:18:43.210root 11241100x80000000000000006858746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524a5681ca421e252022-01-05 09:18:43.210root 11241100x80000000000000006858747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f272377d67f6b62022-01-05 09:18:43.210root 11241100x80000000000000006858748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c21a6abfd346012022-01-05 09:18:43.211root 11241100x80000000000000006858749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f6c73a0d979ef62022-01-05 09:18:43.211root 11241100x80000000000000006858750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b54b653ca6ffb372022-01-05 09:18:43.211root 11241100x80000000000000006858751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49077698d6bc8b192022-01-05 09:18:43.211root 11241100x80000000000000006858752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b8131d974834a12022-01-05 09:18:43.211root 11241100x80000000000000006858753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac513dd0e0afd022022-01-05 09:18:43.211root 11241100x80000000000000006858754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf35c45a82aead852022-01-05 09:18:43.211root 11241100x80000000000000006858755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640d054ca13846482022-01-05 09:18:43.211root 11241100x80000000000000006858756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdb102af3cfbe9c2022-01-05 09:18:43.212root 11241100x80000000000000006858757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c132a45fe3e8e04c2022-01-05 09:18:43.212root 11241100x80000000000000006858758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2982640c1f5676de2022-01-05 09:18:43.212root 11241100x80000000000000006858759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9579e2e0b5fda52022-01-05 09:18:43.212root 11241100x80000000000000006858760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01658f44ac5f98aa2022-01-05 09:18:43.212root 11241100x80000000000000006858761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b348f7fe0e42e8532022-01-05 09:18:43.212root 11241100x80000000000000006858762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa9fba8ea7d62042022-01-05 09:18:43.212root 11241100x80000000000000006858763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94547235649f42992022-01-05 09:18:43.212root 11241100x80000000000000006858764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41652f28739a0d492022-01-05 09:18:43.212root 11241100x80000000000000006858765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b41f1c654409112022-01-05 09:18:43.710root 11241100x80000000000000006858766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46494dd9c02d1412022-01-05 09:18:43.710root 11241100x80000000000000006858767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f92097f17b8e5212022-01-05 09:18:43.710root 11241100x80000000000000006858768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d68618dd71b95832022-01-05 09:18:43.710root 11241100x80000000000000006858769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b24843780026562022-01-05 09:18:43.710root 11241100x80000000000000006858770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f842790a713374f62022-01-05 09:18:43.710root 11241100x80000000000000006858771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dadd817e1f5d3532022-01-05 09:18:43.711root 11241100x80000000000000006858772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca2e97d499065172022-01-05 09:18:43.711root 11241100x80000000000000006858773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb72d1557a98e92f2022-01-05 09:18:43.711root 11241100x80000000000000006858774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d407121685c346d2022-01-05 09:18:43.711root 11241100x80000000000000006858775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb10e5d841e596e2022-01-05 09:18:43.711root 11241100x80000000000000006858776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825688b8b8fdf4dd2022-01-05 09:18:43.711root 11241100x80000000000000006858777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc7e575bea5f8282022-01-05 09:18:43.711root 11241100x80000000000000006858778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08f724113b031b12022-01-05 09:18:43.711root 11241100x80000000000000006858779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fee40e3e2c60002022-01-05 09:18:43.711root 11241100x80000000000000006858780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ab3f2d5b2c0d852022-01-05 09:18:43.712root 11241100x80000000000000006858781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babd4ed38dc2df522022-01-05 09:18:43.712root 11241100x80000000000000006858782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c238762bc564a6972022-01-05 09:18:43.712root 11241100x80000000000000006858783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618242ea1d7d46f42022-01-05 09:18:43.712root 11241100x80000000000000006858784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683c4c2c636619282022-01-05 09:18:43.712root 11241100x80000000000000006858785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a199e2a1bac7f702022-01-05 09:18:43.712root 11241100x80000000000000006858786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d790006bbf76e2992022-01-05 09:18:43.712root 11241100x80000000000000006858787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71bfbd3b937bd182022-01-05 09:18:43.712root 11241100x80000000000000006858788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e5845a3edcca3e2022-01-05 09:18:43.712root 11241100x80000000000000006858789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d2cfab1b4e2efa2022-01-05 09:18:43.713root 354300x80000000000000006858790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.207{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40658-false10.0.1.12-8000- 11241100x80000000000000006858791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.207{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74b26ecf3cc906d2022-01-05 09:18:44.207root 11241100x80000000000000006858792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.207{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f04da6379b240a72022-01-05 09:18:44.207root 11241100x80000000000000006858793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.208{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e0cd0d9466bc4b2022-01-05 09:18:44.208root 11241100x80000000000000006858794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.208{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d6044d8eab91dc2022-01-05 09:18:44.208root 11241100x80000000000000006858795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.208{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e1beb3e621aa0f2022-01-05 09:18:44.208root 11241100x80000000000000006858796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.208{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129588b3abdb9b2f2022-01-05 09:18:44.208root 11241100x80000000000000006858797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.208{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68eef332bf0f2e8d2022-01-05 09:18:44.208root 11241100x80000000000000006858798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.208{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de10b51575601532022-01-05 09:18:44.208root 11241100x80000000000000006858799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.208{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c805a4cf3678e7082022-01-05 09:18:44.208root 11241100x80000000000000006858800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.208{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c678a0ce01d446362022-01-05 09:18:44.208root 11241100x80000000000000006858801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609218f8c9a89f002022-01-05 09:18:44.209root 11241100x80000000000000006858802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f08d8f86bf71e52022-01-05 09:18:44.209root 11241100x80000000000000006858803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ba045c852a67492022-01-05 09:18:44.209root 11241100x80000000000000006858804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c505752e72d50bfb2022-01-05 09:18:44.209root 11241100x80000000000000006858805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07218bb444bca1582022-01-05 09:18:44.209root 11241100x80000000000000006858806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efae8d7c9eea4bc62022-01-05 09:18:44.209root 11241100x80000000000000006858807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c3f4b9e055245a2022-01-05 09:18:44.209root 11241100x80000000000000006858808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478fc039dcbb3eab2022-01-05 09:18:44.209root 11241100x80000000000000006858809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b64ee87027197e2022-01-05 09:18:44.209root 11241100x80000000000000006858810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39ab5f3caa117492022-01-05 09:18:44.209root 11241100x80000000000000006858811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5a1af5bcffa9cc2022-01-05 09:18:44.209root 11241100x80000000000000006858812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b6ae4e5693be212022-01-05 09:18:44.209root 11241100x80000000000000006858813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c753fb7d907a6522022-01-05 09:18:44.210root 11241100x80000000000000006858814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577d80923f39b6412022-01-05 09:18:44.210root 11241100x80000000000000006858815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e525b5d98d90c2642022-01-05 09:18:44.210root 11241100x80000000000000006858816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e553967525e9ebdd2022-01-05 09:18:44.210root 11241100x80000000000000006858817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca832ceb4733b2a2022-01-05 09:18:44.210root 11241100x80000000000000006858818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1741223bf25adecd2022-01-05 09:18:44.210root 11241100x80000000000000006858819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728161d3541284262022-01-05 09:18:44.210root 11241100x80000000000000006858820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e398ab3098e70452022-01-05 09:18:44.210root 11241100x80000000000000006858821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1240d9c42379c92022-01-05 09:18:44.210root 11241100x80000000000000006858822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ea3492fea8feb22022-01-05 09:18:44.210root 11241100x80000000000000006858823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d33c70fef07df542022-01-05 09:18:44.210root 11241100x80000000000000006858824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d91a609695a6e02022-01-05 09:18:44.210root 11241100x80000000000000006858825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727640e82663ad4c2022-01-05 09:18:44.211root 11241100x80000000000000006858826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97431528c20380f2022-01-05 09:18:44.211root 11241100x80000000000000006858827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229ba0bc29e0685d2022-01-05 09:18:44.211root 11241100x80000000000000006858828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381fe61b212b05242022-01-05 09:18:44.460root 11241100x80000000000000006858829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8099cafc9d2a902022-01-05 09:18:44.460root 11241100x80000000000000006858830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6582c06fe375c52022-01-05 09:18:44.460root 11241100x80000000000000006858831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c56b1cb6e431b42022-01-05 09:18:44.460root 11241100x80000000000000006858832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f15dd2a969423982022-01-05 09:18:44.460root 11241100x80000000000000006858833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167c8073dabfd6fc2022-01-05 09:18:44.460root 11241100x80000000000000006858834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b474f1d809a9ea9f2022-01-05 09:18:44.460root 11241100x80000000000000006858835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b54184da9b2c7f2022-01-05 09:18:44.461root 11241100x80000000000000006858836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9e20d59715c8882022-01-05 09:18:44.461root 11241100x80000000000000006858837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc8eacb0c4af0a62022-01-05 09:18:44.461root 11241100x80000000000000006858838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa0c203c9eb50912022-01-05 09:18:44.461root 11241100x80000000000000006858839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9a2f716c079d9d2022-01-05 09:18:44.461root 11241100x80000000000000006858840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9622c0489fdbda052022-01-05 09:18:44.461root 11241100x80000000000000006858841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60fb0481ac8a0282022-01-05 09:18:44.461root 11241100x80000000000000006858842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34482ba62fc6f802022-01-05 09:18:44.461root 11241100x80000000000000006858843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327d8d02559f74c02022-01-05 09:18:44.461root 11241100x80000000000000006858844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6f6436614cbc872022-01-05 09:18:44.461root 11241100x80000000000000006858845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11283c558487612f2022-01-05 09:18:44.461root 11241100x80000000000000006858846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43c9e15ea1875e82022-01-05 09:18:44.461root 11241100x80000000000000006858847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30f5a4c6ff681722022-01-05 09:18:44.462root 11241100x80000000000000006858848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e716cd331f609e42022-01-05 09:18:44.462root 11241100x80000000000000006858849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ad479b4209c5542022-01-05 09:18:44.462root 11241100x80000000000000006858850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885da5b20cba50112022-01-05 09:18:44.462root 11241100x80000000000000006858851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10fa7fe8c8cace92022-01-05 09:18:44.462root 11241100x80000000000000006858852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ca3ad13a4917572022-01-05 09:18:44.462root 11241100x80000000000000006858853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d0eb751e1fa6d72022-01-05 09:18:44.462root 11241100x80000000000000006858854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eed4f4a8d3ed0b12022-01-05 09:18:44.960root 11241100x80000000000000006858855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8576cceb7b9f4e2022-01-05 09:18:44.960root 11241100x80000000000000006858856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb06f4568f29f802022-01-05 09:18:44.960root 11241100x80000000000000006858857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628fd6a8d293a9ac2022-01-05 09:18:44.960root 11241100x80000000000000006858858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b260528363e0c1a72022-01-05 09:18:44.960root 11241100x80000000000000006858859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a96d14a0f460c642022-01-05 09:18:44.960root 11241100x80000000000000006858860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7358ccda6511dad2022-01-05 09:18:44.960root 11241100x80000000000000006858861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45153ffb2780da82022-01-05 09:18:44.960root 11241100x80000000000000006858862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bfdc3a6b09e39f2022-01-05 09:18:44.961root 11241100x80000000000000006858863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379978dc03f2a13d2022-01-05 09:18:44.961root 11241100x80000000000000006858864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e2a85b07454b2b2022-01-05 09:18:44.961root 11241100x80000000000000006858865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0896c251535a54352022-01-05 09:18:44.961root 11241100x80000000000000006858866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8af6e38a8d248452022-01-05 09:18:44.961root 11241100x80000000000000006858867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8ec0590246a8552022-01-05 09:18:44.961root 11241100x80000000000000006858868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f161ded750421da42022-01-05 09:18:44.961root 11241100x80000000000000006858869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a59532125e0b4802022-01-05 09:18:44.961root 11241100x80000000000000006858870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef81de00bbb029c2022-01-05 09:18:44.961root 11241100x80000000000000006858871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb8600cf714a31b2022-01-05 09:18:44.961root 11241100x80000000000000006858872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcb5a11c2a907412022-01-05 09:18:44.961root 11241100x80000000000000006858873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54995aca67083262022-01-05 09:18:44.961root 11241100x80000000000000006858874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62595061630353682022-01-05 09:18:44.961root 11241100x80000000000000006858875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af685c7cb300f102022-01-05 09:18:44.961root 11241100x80000000000000006858876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7b5f305e8d0dc72022-01-05 09:18:44.962root 11241100x80000000000000006858877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4bb3d7916d59e72022-01-05 09:18:44.962root 11241100x80000000000000006858878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab310f98aaef3642022-01-05 09:18:44.962root 11241100x80000000000000006858879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c735f54a41f24d2022-01-05 09:18:44.962root 11241100x80000000000000006858880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45691315ef5a07ab2022-01-05 09:18:45.460root 11241100x80000000000000006858881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e92bed5ea111b02022-01-05 09:18:45.460root 11241100x80000000000000006858882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58e56abb27381072022-01-05 09:18:45.460root 11241100x80000000000000006858883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfca660a9bc34362022-01-05 09:18:45.460root 11241100x80000000000000006858884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5254d39c27dba10c2022-01-05 09:18:45.460root 11241100x80000000000000006858885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6593c90070c27f652022-01-05 09:18:45.460root 11241100x80000000000000006858886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f218caef92499ed22022-01-05 09:18:45.460root 11241100x80000000000000006858887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7b47cec2da41d92022-01-05 09:18:45.460root 11241100x80000000000000006858888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefb627b0358546e2022-01-05 09:18:45.461root 11241100x80000000000000006858889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff06e7c60a6cc73c2022-01-05 09:18:45.461root 11241100x80000000000000006858890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0379a577493af3682022-01-05 09:18:45.461root 11241100x80000000000000006858891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c997e50f4923e92022-01-05 09:18:45.461root 11241100x80000000000000006858892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8adcb0318f3e45a2022-01-05 09:18:45.461root 11241100x80000000000000006858893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b128d2667177b5932022-01-05 09:18:45.461root 11241100x80000000000000006858894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76afc57a16969bfe2022-01-05 09:18:45.461root 11241100x80000000000000006858895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b20b3c7663c54852022-01-05 09:18:45.461root 11241100x80000000000000006858896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946daf47067462132022-01-05 09:18:45.461root 11241100x80000000000000006858897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9feae40d1c4c8da22022-01-05 09:18:45.461root 11241100x80000000000000006858898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7abe98c0f99b332022-01-05 09:18:45.461root 11241100x80000000000000006858899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196b2e6c48a53de92022-01-05 09:18:45.461root 11241100x80000000000000006858900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7001aab4ff2139e2022-01-05 09:18:45.461root 11241100x80000000000000006858901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafbbed290448d642022-01-05 09:18:45.461root 11241100x80000000000000006858902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2807bdf310ed1fe2022-01-05 09:18:45.462root 11241100x80000000000000006858903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6933b7a93c9c01252022-01-05 09:18:45.462root 11241100x80000000000000006858904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f77b0fc07519e622022-01-05 09:18:45.462root 11241100x80000000000000006858905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fc4eea781b8a312022-01-05 09:18:45.462root 11241100x80000000000000006858906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3fb58b0ca8816c2022-01-05 09:18:45.960root 11241100x80000000000000006858907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654d6304db4ff3062022-01-05 09:18:45.960root 11241100x80000000000000006858908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c042be11714a9832022-01-05 09:18:45.960root 11241100x80000000000000006858909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c737c60073d7b8d2022-01-05 09:18:45.960root 11241100x80000000000000006858910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1204c99d809ca22022-01-05 09:18:45.960root 11241100x80000000000000006858911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc9782a291dbb572022-01-05 09:18:45.960root 11241100x80000000000000006858912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02aff7f3dbcc7022022-01-05 09:18:45.960root 11241100x80000000000000006858913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6ce48c9b6f5f0b2022-01-05 09:18:45.961root 11241100x80000000000000006858914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32da928cedd53b942022-01-05 09:18:45.961root 11241100x80000000000000006858915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fc4b7768a136d12022-01-05 09:18:45.961root 11241100x80000000000000006858916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaec63dc835389762022-01-05 09:18:45.961root 11241100x80000000000000006858917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2593509dcf2212d82022-01-05 09:18:45.961root 11241100x80000000000000006858918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b5f67b8de027432022-01-05 09:18:45.961root 11241100x80000000000000006858919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0250d6974c2ef1ef2022-01-05 09:18:45.961root 11241100x80000000000000006858920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf734532b9eb48812022-01-05 09:18:45.961root 11241100x80000000000000006858921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1db61ebb0f19f42022-01-05 09:18:45.961root 11241100x80000000000000006858922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33cb89142bab7a72022-01-05 09:18:45.961root 11241100x80000000000000006858923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9919dcdd3ed2601b2022-01-05 09:18:45.961root 11241100x80000000000000006858924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524bdcb41973efb22022-01-05 09:18:45.961root 11241100x80000000000000006858925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db24bf6fabac98b2022-01-05 09:18:45.962root 11241100x80000000000000006858926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa6beda5f8cf2b72022-01-05 09:18:45.962root 11241100x80000000000000006858927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db9a319d90e79452022-01-05 09:18:45.962root 11241100x80000000000000006858928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdc2acd25d5ee222022-01-05 09:18:45.962root 11241100x80000000000000006858929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71e63cd097b14a42022-01-05 09:18:45.963root 11241100x80000000000000006858930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a27d5227d77a82a2022-01-05 09:18:45.963root 11241100x80000000000000006858931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08905955f8e87d462022-01-05 09:18:45.964root 11241100x80000000000000006858932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f3360466e4d9c32022-01-05 09:18:46.460root 11241100x80000000000000006858933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5980efdb5a57942022-01-05 09:18:46.460root 11241100x80000000000000006858934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b542fba0e762572022-01-05 09:18:46.460root 11241100x80000000000000006858935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fda8a8048627392022-01-05 09:18:46.460root 11241100x80000000000000006858936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7034d96533c127222022-01-05 09:18:46.461root 11241100x80000000000000006858937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20857c4cac16630b2022-01-05 09:18:46.461root 11241100x80000000000000006858938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e5c24ba25bf0042022-01-05 09:18:46.461root 11241100x80000000000000006858939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08181e3aa0289ee2022-01-05 09:18:46.461root 11241100x80000000000000006858940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9246333b9b7c6d2022-01-05 09:18:46.461root 11241100x80000000000000006858941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8026f8b7c204783a2022-01-05 09:18:46.461root 11241100x80000000000000006858942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de43716610f8d1912022-01-05 09:18:46.461root 11241100x80000000000000006858943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c41cc086006915e2022-01-05 09:18:46.461root 11241100x80000000000000006858944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2473cf671c6d65e92022-01-05 09:18:46.461root 11241100x80000000000000006858945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dbde6a65558ab02022-01-05 09:18:46.461root 11241100x80000000000000006858946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c9e7fdc0ff4d6d2022-01-05 09:18:46.462root 11241100x80000000000000006858947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecf5326588e4f9e2022-01-05 09:18:46.462root 11241100x80000000000000006858948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937a0ad1d24e477e2022-01-05 09:18:46.462root 11241100x80000000000000006858949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b99ca580be74ab62022-01-05 09:18:46.462root 11241100x80000000000000006858950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a063a996e644d8822022-01-05 09:18:46.462root 11241100x80000000000000006858951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5873b6782d8852b02022-01-05 09:18:46.462root 11241100x80000000000000006858952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e6b342602fda272022-01-05 09:18:46.462root 11241100x80000000000000006858953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341fa46e8ee9311a2022-01-05 09:18:46.462root 11241100x80000000000000006858954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df604736eaa10e92022-01-05 09:18:46.462root 11241100x80000000000000006858955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b941e9ad545c8c1a2022-01-05 09:18:46.462root 11241100x80000000000000006858956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69e15bde277769c2022-01-05 09:18:46.463root 11241100x80000000000000006858957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1858ee054ac7f92022-01-05 09:18:46.463root 11241100x80000000000000006858958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06ca940566996242022-01-05 09:18:46.960root 11241100x80000000000000006858959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca76117e897148a02022-01-05 09:18:46.960root 11241100x80000000000000006858960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f6d9ee24d83fe72022-01-05 09:18:46.960root 11241100x80000000000000006858961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d35f09a71abd5f52022-01-05 09:18:46.960root 11241100x80000000000000006858962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8758d3f6ecafe9da2022-01-05 09:18:46.960root 11241100x80000000000000006858963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ef89dc594f6ab92022-01-05 09:18:46.960root 11241100x80000000000000006858964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9430f3f4ab06c82022-01-05 09:18:46.961root 11241100x80000000000000006858965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219ee05209f1f25a2022-01-05 09:18:46.961root 11241100x80000000000000006858966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a9fb9ffed268352022-01-05 09:18:46.961root 11241100x80000000000000006858967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20cbb34bcc4a3862022-01-05 09:18:46.961root 11241100x80000000000000006858968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19bd303af2fd2df2022-01-05 09:18:46.961root 11241100x80000000000000006858969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae51bf2cd3805042022-01-05 09:18:46.961root 11241100x80000000000000006858970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ad3a98c63ce6652022-01-05 09:18:46.961root 11241100x80000000000000006858971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17ab01454bdc4ba2022-01-05 09:18:46.961root 11241100x80000000000000006858972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494bf2230d8bd8d72022-01-05 09:18:46.961root 11241100x80000000000000006858973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc026362860e6492022-01-05 09:18:46.961root 11241100x80000000000000006858974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afc2b7b83d2a2b52022-01-05 09:18:46.961root 11241100x80000000000000006858975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1800fc2bc36fec32022-01-05 09:18:46.962root 11241100x80000000000000006858976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bc8b329256c8972022-01-05 09:18:46.962root 11241100x80000000000000006858977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5889d7b5a0aff9c2022-01-05 09:18:46.962root 11241100x80000000000000006858978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9091423419b0a2fb2022-01-05 09:18:46.962root 11241100x80000000000000006858979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599e6ab3000ebef52022-01-05 09:18:46.962root 11241100x80000000000000006858980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236017cacc49621f2022-01-05 09:18:46.962root 11241100x80000000000000006858981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0544f32d5599b63c2022-01-05 09:18:46.962root 11241100x80000000000000006858982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfda0d6d024351e2022-01-05 09:18:46.962root 11241100x80000000000000006858983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7530bd0b7680f1372022-01-05 09:18:46.964root 11241100x80000000000000006858984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdac5d82d5d0d492022-01-05 09:18:46.964root 11241100x80000000000000006858985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9721557b4382042022-01-05 09:18:46.964root 11241100x80000000000000006858986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496fbe0520c679aa2022-01-05 09:18:46.964root 11241100x80000000000000006858987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5662e6ae7383cbf2022-01-05 09:18:46.964root 11241100x80000000000000006858988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6ca4b8c39f9e0d2022-01-05 09:18:46.964root 11241100x80000000000000006858989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafef8220662c5a02022-01-05 09:18:46.964root 11241100x80000000000000006858990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee15e9cfd10388ea2022-01-05 09:18:46.964root 11241100x80000000000000006858991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c654dd90b1d1cbe22022-01-05 09:18:46.964root 11241100x80000000000000006858992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38eb5b23bc8caaa42022-01-05 09:18:46.965root 11241100x80000000000000006858993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8bcd49c54581542022-01-05 09:18:46.965root 11241100x80000000000000006858994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229c858fc252dbc02022-01-05 09:18:46.965root 11241100x80000000000000006858995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76ac48ac164fc4a2022-01-05 09:18:46.965root 11241100x80000000000000006858996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30440f15af59d4ce2022-01-05 09:18:46.965root 11241100x80000000000000006858997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327c2ad5566396a22022-01-05 09:18:46.965root 11241100x80000000000000006858998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851ceed3488407d32022-01-05 09:18:46.965root 11241100x80000000000000006858999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee8e65510b74e2e2022-01-05 09:18:46.965root 11241100x80000000000000006859000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1f292f6f9bb0d22022-01-05 09:18:46.966root 11241100x80000000000000006859001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828effb4d0b8b6d72022-01-05 09:18:46.966root 11241100x80000000000000006859002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d71fc3d1aca890c2022-01-05 09:18:46.966root 11241100x80000000000000006859003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007cf4212168b8d22022-01-05 09:18:46.966root 11241100x80000000000000006859004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85fb684f98317ed2022-01-05 09:18:46.966root 11241100x80000000000000006859005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753521bc4328e5242022-01-05 09:18:47.460root 11241100x80000000000000006859006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c67b3af9032b3e2022-01-05 09:18:47.460root 11241100x80000000000000006859007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488d571825051aae2022-01-05 09:18:47.460root 11241100x80000000000000006859008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764b6330bfda78cd2022-01-05 09:18:47.460root 11241100x80000000000000006859009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0007375ac1ed28252022-01-05 09:18:47.460root 11241100x80000000000000006859010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20833b282809d03d2022-01-05 09:18:47.460root 11241100x80000000000000006859011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7548dc6c4c536e1b2022-01-05 09:18:47.461root 11241100x80000000000000006859012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290503a0ec2f0eed2022-01-05 09:18:47.461root 11241100x80000000000000006859013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b058553a94fa7e2022-01-05 09:18:47.461root 11241100x80000000000000006859014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130e1fb0723192c12022-01-05 09:18:47.461root 11241100x80000000000000006859015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf49aba2b44240432022-01-05 09:18:47.461root 11241100x80000000000000006859016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf1378c34f1665d2022-01-05 09:18:47.461root 11241100x80000000000000006859017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607badbe50ad33ab2022-01-05 09:18:47.461root 11241100x80000000000000006859018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd598de8f9861cd2022-01-05 09:18:47.461root 11241100x80000000000000006859019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a929394c8ac1dc6d2022-01-05 09:18:47.461root 11241100x80000000000000006859020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ff60fe85415f512022-01-05 09:18:47.462root 11241100x80000000000000006859021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cad71161996ca42022-01-05 09:18:47.462root 11241100x80000000000000006859022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e199ac946b7f9f9c2022-01-05 09:18:47.462root 11241100x80000000000000006859023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0a279103aa90392022-01-05 09:18:47.462root 11241100x80000000000000006859024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf49323f403445af2022-01-05 09:18:47.462root 11241100x80000000000000006859025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e855024f7692a79f2022-01-05 09:18:47.462root 11241100x80000000000000006859026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e7dffbeaf250152022-01-05 09:18:47.462root 11241100x80000000000000006859027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea0824571f883ca2022-01-05 09:18:47.462root 11241100x80000000000000006859028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ec713e2ea13a432022-01-05 09:18:47.463root 11241100x80000000000000006859029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3cb346c76e56eb2022-01-05 09:18:47.463root 11241100x80000000000000006859030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97afe669f3e6f6fb2022-01-05 09:18:47.463root 11241100x80000000000000006859031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fa3ab2d072e0ae2022-01-05 09:18:47.960root 11241100x80000000000000006859032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa55c3eb76e2ae082022-01-05 09:18:47.960root 11241100x80000000000000006859033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbae0d51f89e4b12022-01-05 09:18:47.960root 11241100x80000000000000006859034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9241455cfdd19d2e2022-01-05 09:18:47.960root 11241100x80000000000000006859035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798eefcc007beeb02022-01-05 09:18:47.961root 11241100x80000000000000006859036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac380572eacc37812022-01-05 09:18:47.961root 11241100x80000000000000006859037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144125b965905f3a2022-01-05 09:18:47.961root 11241100x80000000000000006859038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7189dfb25d58ba452022-01-05 09:18:47.961root 11241100x80000000000000006859039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43901a884cf8d3c2022-01-05 09:18:47.961root 11241100x80000000000000006859040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858ff85f80df91f22022-01-05 09:18:47.961root 11241100x80000000000000006859041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0e93b765faf1312022-01-05 09:18:47.962root 11241100x80000000000000006859042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83142038c37768ab2022-01-05 09:18:47.962root 11241100x80000000000000006859043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54fef45084f6a4e2022-01-05 09:18:47.962root 11241100x80000000000000006859044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d578d6da95831112022-01-05 09:18:47.962root 11241100x80000000000000006859045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5ad82e69cf9cc42022-01-05 09:18:47.962root 11241100x80000000000000006859046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbecea26340d5e32022-01-05 09:18:47.962root 11241100x80000000000000006859047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc877c18f3d1be02022-01-05 09:18:47.962root 11241100x80000000000000006859048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223ddd75c471dc062022-01-05 09:18:47.963root 11241100x80000000000000006859049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4843f63d1af844652022-01-05 09:18:47.963root 11241100x80000000000000006859050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eafe39401a754d72022-01-05 09:18:47.963root 11241100x80000000000000006859051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079f5cacffff4e0e2022-01-05 09:18:47.963root 11241100x80000000000000006859052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1aa07bf2f6f19072022-01-05 09:18:47.963root 11241100x80000000000000006859053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d24fecd5fd2a0252022-01-05 09:18:47.963root 11241100x80000000000000006859054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa319cd1fc1aefb2022-01-05 09:18:47.964root 11241100x80000000000000006859055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232baa2c1a5152d22022-01-05 09:18:47.964root 11241100x80000000000000006859056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be392c092ce90a52022-01-05 09:18:47.964root 11241100x80000000000000006859057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cffab7b2ff88c62022-01-05 09:18:48.460root 11241100x80000000000000006859058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb282ec91749cc02022-01-05 09:18:48.460root 11241100x80000000000000006859059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1316fde57b992522022-01-05 09:18:48.460root 11241100x80000000000000006859060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ec2d3501f892272022-01-05 09:18:48.460root 11241100x80000000000000006859061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8471de47d6f6035b2022-01-05 09:18:48.460root 11241100x80000000000000006859062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c74543fb7e5f0b2022-01-05 09:18:48.461root 11241100x80000000000000006859063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3440a52965d0d42022-01-05 09:18:48.461root 11241100x80000000000000006859064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414bf948c607bb5f2022-01-05 09:18:48.461root 11241100x80000000000000006859065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d6788a0019a9ba2022-01-05 09:18:48.461root 11241100x80000000000000006859066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ff3b28879d79b62022-01-05 09:18:48.461root 11241100x80000000000000006859067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4357a69673608302022-01-05 09:18:48.461root 11241100x80000000000000006859068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98310bdde4e8c902022-01-05 09:18:48.461root 11241100x80000000000000006859069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00aba603bc94d2d52022-01-05 09:18:48.462root 11241100x80000000000000006859070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999a9b68f931b4372022-01-05 09:18:48.462root 11241100x80000000000000006859071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c387ce3ef313b9502022-01-05 09:18:48.462root 11241100x80000000000000006859072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c45c7f1e601d4b2022-01-05 09:18:48.462root 11241100x80000000000000006859073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314ae285846f21552022-01-05 09:18:48.462root 11241100x80000000000000006859074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1ec21eac46ec2c2022-01-05 09:18:48.462root 11241100x80000000000000006859075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291b5d737ca7ed272022-01-05 09:18:48.462root 11241100x80000000000000006859076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0c14c4ab03d3712022-01-05 09:18:48.463root 11241100x80000000000000006859077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e6df5ebc0c5fc72022-01-05 09:18:48.463root 11241100x80000000000000006859078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce960479493e16d42022-01-05 09:18:48.463root 11241100x80000000000000006859079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80801fffa1137e8a2022-01-05 09:18:48.463root 11241100x80000000000000006859080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951673c271cc2ae62022-01-05 09:18:48.463root 11241100x80000000000000006859081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8ba53dc64f88822022-01-05 09:18:48.463root 11241100x80000000000000006859082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8d6ed4eee9577b2022-01-05 09:18:48.463root 11241100x80000000000000006859083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece083aef72ab1f02022-01-05 09:18:48.960root 11241100x80000000000000006859084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97678b6dd44692f12022-01-05 09:18:48.960root 11241100x80000000000000006859085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b32c6fb0602cbb62022-01-05 09:18:48.960root 11241100x80000000000000006859086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b1a6e84eef1d082022-01-05 09:18:48.960root 11241100x80000000000000006859087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548cf95b9a40a0f22022-01-05 09:18:48.960root 11241100x80000000000000006859088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b883d5412ce14d912022-01-05 09:18:48.960root 11241100x80000000000000006859089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c035b702bf55d3d2022-01-05 09:18:48.961root 11241100x80000000000000006859090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50710c252b5fed122022-01-05 09:18:48.961root 11241100x80000000000000006859091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3d3849b15766bf2022-01-05 09:18:48.961root 11241100x80000000000000006859092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65c269ed4166b3d2022-01-05 09:18:48.961root 11241100x80000000000000006859093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b96387564e18812022-01-05 09:18:48.961root 11241100x80000000000000006859094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8910e944e2ddf4dd2022-01-05 09:18:48.961root 11241100x80000000000000006859095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6452b96e19a1b3392022-01-05 09:18:48.961root 11241100x80000000000000006859096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83830f17a08b5a22022-01-05 09:18:48.961root 11241100x80000000000000006859097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abf84f58d1615d72022-01-05 09:18:48.961root 11241100x80000000000000006859098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cd0c07f02e9e522022-01-05 09:18:48.961root 11241100x80000000000000006859099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dbb4a19c992c8b2022-01-05 09:18:48.962root 11241100x80000000000000006859100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1d323d9838fd892022-01-05 09:18:48.962root 11241100x80000000000000006859101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c447428a25e00142022-01-05 09:18:48.962root 11241100x80000000000000006859102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c23f3a05dc753112022-01-05 09:18:48.962root 11241100x80000000000000006859103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53616e26347b84f2022-01-05 09:18:48.962root 11241100x80000000000000006859104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138b854396eecf182022-01-05 09:18:48.962root 11241100x80000000000000006859105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252155acd54096972022-01-05 09:18:48.962root 11241100x80000000000000006859106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ef31f4a31395432022-01-05 09:18:48.962root 11241100x80000000000000006859107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2f4d52e6f6173f2022-01-05 09:18:48.962root 11241100x80000000000000006859108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b8769316d389f82022-01-05 09:18:48.962root 11241100x80000000000000006859109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0689ed07f20e7e62022-01-05 09:18:49.460root 11241100x80000000000000006859110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5a64d6257de4122022-01-05 09:18:49.460root 11241100x80000000000000006859111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10957b8f4b4b05772022-01-05 09:18:49.460root 11241100x80000000000000006859112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92202742521105c2022-01-05 09:18:49.460root 11241100x80000000000000006859113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9606d72158d00342022-01-05 09:18:49.460root 11241100x80000000000000006859114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498c74f5f5e2baae2022-01-05 09:18:49.461root 11241100x80000000000000006859115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac06c94b6810fc272022-01-05 09:18:49.461root 11241100x80000000000000006859116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc77fbec83cd3e82022-01-05 09:18:49.461root 11241100x80000000000000006859117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747fb37264ac391d2022-01-05 09:18:49.461root 11241100x80000000000000006859118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddef85b7fdf6e4e62022-01-05 09:18:49.461root 11241100x80000000000000006859119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8441630717382e062022-01-05 09:18:49.461root 11241100x80000000000000006859120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a363b8230bcde6252022-01-05 09:18:49.462root 11241100x80000000000000006859121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520b5bdf8d2e80552022-01-05 09:18:49.462root 11241100x80000000000000006859122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b917be4690aa3a2022-01-05 09:18:49.462root 11241100x80000000000000006859123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3a413d54d114962022-01-05 09:18:49.462root 11241100x80000000000000006859124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7bf0a54ab270202022-01-05 09:18:49.462root 11241100x80000000000000006859125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2521a723fb8530392022-01-05 09:18:49.462root 11241100x80000000000000006859126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41792192966808852022-01-05 09:18:49.462root 11241100x80000000000000006859127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668346166149f24f2022-01-05 09:18:49.463root 11241100x80000000000000006859128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a9cc16d422d6fb2022-01-05 09:18:49.463root 11241100x80000000000000006859129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59eed92568283f72022-01-05 09:18:49.463root 11241100x80000000000000006859130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5038792236a2ca12022-01-05 09:18:49.463root 11241100x80000000000000006859131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e92b5692be72f182022-01-05 09:18:49.463root 11241100x80000000000000006859132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb62fd0b9376e302022-01-05 09:18:49.463root 11241100x80000000000000006859133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630d54eb0b5228df2022-01-05 09:18:49.463root 11241100x80000000000000006859134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de9bdc62ec026c62022-01-05 09:18:49.463root 11241100x80000000000000006859135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2324bee4548c21df2022-01-05 09:18:49.960root 11241100x80000000000000006859136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20497757432cd7dc2022-01-05 09:18:49.960root 11241100x80000000000000006859137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc25f113d0a2ac82022-01-05 09:18:49.960root 11241100x80000000000000006859138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7174488e4e02a3292022-01-05 09:18:49.960root 11241100x80000000000000006859139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2f5a76eb92a1862022-01-05 09:18:49.960root 11241100x80000000000000006859140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7071b301affe9c32022-01-05 09:18:49.961root 11241100x80000000000000006859141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74eeb8b60183e91d2022-01-05 09:18:49.961root 11241100x80000000000000006859142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f26fe77f9f917652022-01-05 09:18:49.961root 11241100x80000000000000006859143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b068b6ca4370c42022-01-05 09:18:49.961root 11241100x80000000000000006859144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bdc650d6c6e1db2022-01-05 09:18:49.961root 11241100x80000000000000006859145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09967a4adccbb0022022-01-05 09:18:49.962root 11241100x80000000000000006859146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb8fa4afc64fda72022-01-05 09:18:49.962root 11241100x80000000000000006859147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2920ff7db09c24592022-01-05 09:18:49.962root 11241100x80000000000000006859148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d36c05828946ec2022-01-05 09:18:49.962root 11241100x80000000000000006859149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32deac2c00fc70472022-01-05 09:18:49.962root 11241100x80000000000000006859150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505d445c982018f82022-01-05 09:18:49.962root 11241100x80000000000000006859151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4f050da6f60e482022-01-05 09:18:49.962root 11241100x80000000000000006859152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebde1bf21b4872032022-01-05 09:18:49.962root 11241100x80000000000000006859153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3831ee3bf96d27082022-01-05 09:18:49.962root 11241100x80000000000000006859154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c14477d48c249172022-01-05 09:18:49.962root 11241100x80000000000000006859155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861e6ad4bb7f0b442022-01-05 09:18:49.962root 11241100x80000000000000006859156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f0de3db24bb40c2022-01-05 09:18:49.962root 11241100x80000000000000006859157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46850e4006e8990b2022-01-05 09:18:49.962root 11241100x80000000000000006859158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13688c6121a7d2c42022-01-05 09:18:49.962root 11241100x80000000000000006859159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da503f2f56b66242022-01-05 09:18:49.963root 11241100x80000000000000006859160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fe1d15b32b69132022-01-05 09:18:49.963root 354300x80000000000000006859161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.190{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40660-false10.0.1.12-8000- 11241100x80000000000000006859162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ede35900c1ac342022-01-05 09:18:50.460root 11241100x80000000000000006859163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29357832c5eb0bd92022-01-05 09:18:50.460root 11241100x80000000000000006859164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3e00a62e04b7a92022-01-05 09:18:50.460root 11241100x80000000000000006859165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ca902a58b051802022-01-05 09:18:50.460root 11241100x80000000000000006859166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7177d854c84b6f2022-01-05 09:18:50.460root 11241100x80000000000000006859167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450a92153ce9375b2022-01-05 09:18:50.460root 11241100x80000000000000006859168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b606e42cb9d5f4e2022-01-05 09:18:50.460root 11241100x80000000000000006859169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6131e0fb28f7672022-01-05 09:18:50.460root 11241100x80000000000000006859170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f690927a92a4748d2022-01-05 09:18:50.460root 11241100x80000000000000006859171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db9908efb6926262022-01-05 09:18:50.461root 11241100x80000000000000006859172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a7cd4b2ca30b152022-01-05 09:18:50.461root 11241100x80000000000000006859173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab2d88185eaff8f2022-01-05 09:18:50.461root 11241100x80000000000000006859174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5dde4ab7a30ae6e2022-01-05 09:18:50.461root 11241100x80000000000000006859175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6943da6aab044d9e2022-01-05 09:18:50.461root 11241100x80000000000000006859176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c313c3ad70c726ea2022-01-05 09:18:50.461root 11241100x80000000000000006859177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c1cf74881b886e2022-01-05 09:18:50.461root 11241100x80000000000000006859178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0ac376e67dc8872022-01-05 09:18:50.461root 11241100x80000000000000006859179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec4ea9be133ab812022-01-05 09:18:50.461root 11241100x80000000000000006859180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7ac5dc2ad20df02022-01-05 09:18:50.461root 11241100x80000000000000006859181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde5e375af6f60a92022-01-05 09:18:50.461root 11241100x80000000000000006859182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7df3f8cb80f4572022-01-05 09:18:50.461root 11241100x80000000000000006859183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce99e9a200a461492022-01-05 09:18:50.461root 11241100x80000000000000006859184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5d8836119d73d12022-01-05 09:18:50.461root 11241100x80000000000000006859185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6263952f6c82b2832022-01-05 09:18:50.461root 11241100x80000000000000006859186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8957f87ae78aee32022-01-05 09:18:50.462root 11241100x80000000000000006859187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee314e9b8c80c3622022-01-05 09:18:50.462root 11241100x80000000000000006859188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44670d01d941f6542022-01-05 09:18:50.462root 11241100x80000000000000006859189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91a879c33e5cc2d2022-01-05 09:18:50.960root 11241100x80000000000000006859190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559d76368d6ee6d92022-01-05 09:18:50.960root 11241100x80000000000000006859191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cb75db1f2ddf142022-01-05 09:18:50.960root 11241100x80000000000000006859192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7090607a194e4d852022-01-05 09:18:50.960root 11241100x80000000000000006859193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12598546c6ff654b2022-01-05 09:18:50.961root 11241100x80000000000000006859194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feaf2a26b65d91812022-01-05 09:18:50.961root 11241100x80000000000000006859195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7846bd0cd4be8ba02022-01-05 09:18:50.961root 11241100x80000000000000006859196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0359b09f798e299e2022-01-05 09:18:50.961root 11241100x80000000000000006859197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323442729c4dd6522022-01-05 09:18:50.961root 11241100x80000000000000006859198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01372e7c30efec2c2022-01-05 09:18:50.961root 11241100x80000000000000006859199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c419dcfcae3870412022-01-05 09:18:50.961root 11241100x80000000000000006859200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a769bf2134d3132022-01-05 09:18:50.961root 11241100x80000000000000006859201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d296ac7913f8762022-01-05 09:18:50.961root 11241100x80000000000000006859202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fb249761b377da2022-01-05 09:18:50.961root 11241100x80000000000000006859203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9982e87b9192b3a2022-01-05 09:18:50.961root 11241100x80000000000000006859204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431d51ef92b704372022-01-05 09:18:50.961root 11241100x80000000000000006859205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da595c6f0038f4952022-01-05 09:18:50.961root 11241100x80000000000000006859206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87c96ebfdab25b32022-01-05 09:18:50.961root 11241100x80000000000000006859207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f408ea43d33d972022-01-05 09:18:50.961root 11241100x80000000000000006859208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11a0cc8d3384d102022-01-05 09:18:50.961root 11241100x80000000000000006859209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db07e649ed587922022-01-05 09:18:50.962root 11241100x80000000000000006859210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31112587c9b58322022-01-05 09:18:50.962root 11241100x80000000000000006859211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6e38a78f0f2a842022-01-05 09:18:50.962root 11241100x80000000000000006859212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddfaad0be90ac022022-01-05 09:18:50.962root 11241100x80000000000000006859213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cb34bed7713d512022-01-05 09:18:50.962root 11241100x80000000000000006859214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf5bdcc0ceeff902022-01-05 09:18:50.962root 11241100x80000000000000006859215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81c3ad3e10d280a2022-01-05 09:18:50.962root 11241100x80000000000000006859216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d616a1a7bc9425622022-01-05 09:18:51.460root 11241100x80000000000000006859217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32159ffec241d4722022-01-05 09:18:51.460root 11241100x80000000000000006859218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c8212a708740a32022-01-05 09:18:51.460root 11241100x80000000000000006859219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5049947051d0f9d72022-01-05 09:18:51.460root 11241100x80000000000000006859220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3f7fb501ace0272022-01-05 09:18:51.461root 11241100x80000000000000006859221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1edcd8fa9bc9f92022-01-05 09:18:51.461root 11241100x80000000000000006859222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a036f876c1d4a12022-01-05 09:18:51.461root 11241100x80000000000000006859223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6de4c18fb2c3b42022-01-05 09:18:51.461root 11241100x80000000000000006859224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6148716bab9b402022-01-05 09:18:51.461root 11241100x80000000000000006859225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e300042dc7dc91632022-01-05 09:18:51.461root 11241100x80000000000000006859226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d865d6a59f40267f2022-01-05 09:18:51.461root 11241100x80000000000000006859227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8a2a08757cb3182022-01-05 09:18:51.461root 11241100x80000000000000006859228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3265cc5dff46f22022-01-05 09:18:51.461root 11241100x80000000000000006859229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a852ab8f965f12912022-01-05 09:18:51.461root 11241100x80000000000000006859230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc3d9487007598f2022-01-05 09:18:51.461root 11241100x80000000000000006859231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e850f59d5ff336772022-01-05 09:18:51.461root 11241100x80000000000000006859232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb0b7a1e897c75c2022-01-05 09:18:51.461root 11241100x80000000000000006859233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4e587015d438ee2022-01-05 09:18:51.461root 11241100x80000000000000006859234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3b09b0e0784add2022-01-05 09:18:51.461root 11241100x80000000000000006859235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b358e741bb02462d2022-01-05 09:18:51.462root 11241100x80000000000000006859236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4efaa00720259e72022-01-05 09:18:51.462root 11241100x80000000000000006859237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c86e8536bee8d552022-01-05 09:18:51.462root 11241100x80000000000000006859238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85692d5730390d502022-01-05 09:18:51.462root 11241100x80000000000000006859239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a707ff85ea14372022-01-05 09:18:51.462root 11241100x80000000000000006859240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eba50adefd76f062022-01-05 09:18:51.462root 11241100x80000000000000006859241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3c274b4b4416eb2022-01-05 09:18:51.462root 11241100x80000000000000006859242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c377f6a119e79bd2022-01-05 09:18:51.462root 11241100x80000000000000006859243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff39830aa37f6bc2022-01-05 09:18:51.960root 11241100x80000000000000006859244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230a70961d429dea2022-01-05 09:18:51.960root 11241100x80000000000000006859245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae6038ec709ac8a2022-01-05 09:18:51.960root 11241100x80000000000000006859246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1483bebadbc8d9e02022-01-05 09:18:51.960root 11241100x80000000000000006859247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2299a0942ac2fcfb2022-01-05 09:18:51.960root 11241100x80000000000000006859248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447a18ee2d6309332022-01-05 09:18:51.960root 11241100x80000000000000006859249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b898c0f721ac8d0e2022-01-05 09:18:51.960root 11241100x80000000000000006859250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aea7a0ff2a82ee22022-01-05 09:18:51.961root 11241100x80000000000000006859251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63de8eb45df408622022-01-05 09:18:51.961root 11241100x80000000000000006859252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29734ce97dbdd7112022-01-05 09:18:51.961root 11241100x80000000000000006859253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec99d585e0d7d2152022-01-05 09:18:51.961root 11241100x80000000000000006859254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d17601331979e962022-01-05 09:18:51.961root 11241100x80000000000000006859255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75bbf31448d1ce02022-01-05 09:18:51.961root 11241100x80000000000000006859256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f56694cd0104cf2022-01-05 09:18:51.961root 11241100x80000000000000006859257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5570e33f83412dd72022-01-05 09:18:51.961root 11241100x80000000000000006859258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dea3dda290b36472022-01-05 09:18:51.961root 11241100x80000000000000006859259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef11fa6fc4bc37e2022-01-05 09:18:51.961root 11241100x80000000000000006859260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b193d25987caf8842022-01-05 09:18:51.961root 11241100x80000000000000006859261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a6c2a8f7c401e52022-01-05 09:18:51.962root 11241100x80000000000000006859262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bcb0541c145fb732022-01-05 09:18:51.962root 11241100x80000000000000006859263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b116518e0f10c262022-01-05 09:18:51.962root 11241100x80000000000000006859264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c03d650a27c6fdf2022-01-05 09:18:51.962root 11241100x80000000000000006859265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9365b0d7833351ae2022-01-05 09:18:51.962root 11241100x80000000000000006859266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f7888af8f8bd0e2022-01-05 09:18:51.962root 11241100x80000000000000006859267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3dd0349eb01aa142022-01-05 09:18:51.962root 11241100x80000000000000006859268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d925f177f6504092022-01-05 09:18:51.962root 11241100x80000000000000006859269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a87b926b6abe582022-01-05 09:18:51.962root 11241100x80000000000000006859270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412734b2080600be2022-01-05 09:18:52.460root 11241100x80000000000000006859271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66411e3767920c612022-01-05 09:18:52.460root 11241100x80000000000000006859272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1722d425a396da982022-01-05 09:18:52.460root 11241100x80000000000000006859273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd422501810a1f52022-01-05 09:18:52.460root 11241100x80000000000000006859274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ae564980265fae2022-01-05 09:18:52.460root 11241100x80000000000000006859275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c9380f35ea836e2022-01-05 09:18:52.460root 11241100x80000000000000006859276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cd0f63600aeafc2022-01-05 09:18:52.460root 11241100x80000000000000006859277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9fa26715c28aa22022-01-05 09:18:52.461root 11241100x80000000000000006859278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2589afbeea1afd072022-01-05 09:18:52.461root 11241100x80000000000000006859279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30b645b1d3558052022-01-05 09:18:52.461root 11241100x80000000000000006859280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e109b0daf5c1052022-01-05 09:18:52.461root 11241100x80000000000000006859281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eca2bf6dcabc02a2022-01-05 09:18:52.461root 11241100x80000000000000006859282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fa51ef098589262022-01-05 09:18:52.461root 11241100x80000000000000006859283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d45ecda6d377342022-01-05 09:18:52.461root 11241100x80000000000000006859284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91eb5543b0a9f8692022-01-05 09:18:52.461root 11241100x80000000000000006859285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ca62688512ddb72022-01-05 09:18:52.461root 11241100x80000000000000006859286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900a5df76b4f71802022-01-05 09:18:52.461root 11241100x80000000000000006859287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fb855dfde0f3332022-01-05 09:18:52.461root 11241100x80000000000000006859288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28bff6afed4fb582022-01-05 09:18:52.461root 11241100x80000000000000006859289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba9e8e8eebb48692022-01-05 09:18:52.462root 11241100x80000000000000006859290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7b87e7458617452022-01-05 09:18:52.462root 11241100x80000000000000006859291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9016c2ff4682912022-01-05 09:18:52.462root 11241100x80000000000000006859292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeafd7e9b84c748c2022-01-05 09:18:52.462root 11241100x80000000000000006859293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe990d3707827e372022-01-05 09:18:52.462root 11241100x80000000000000006859294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710a86a78f750ff32022-01-05 09:18:52.462root 11241100x80000000000000006859295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47d72048a327dae2022-01-05 09:18:52.462root 11241100x80000000000000006859296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233c68d69396e08d2022-01-05 09:18:52.462root 11241100x80000000000000006859297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d32f1f18f0c5572022-01-05 09:18:52.960root 11241100x80000000000000006859298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca863b74644d7dde2022-01-05 09:18:52.960root 11241100x80000000000000006859299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac24e1c2650fc7a2022-01-05 09:18:52.960root 11241100x80000000000000006859300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a49fff4dd43b7002022-01-05 09:18:52.960root 11241100x80000000000000006859301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed0dd64c40503f32022-01-05 09:18:52.960root 11241100x80000000000000006859302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c1a916cb53ee592022-01-05 09:18:52.960root 11241100x80000000000000006859303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46557037663108db2022-01-05 09:18:52.960root 11241100x80000000000000006859304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4f537493aebc382022-01-05 09:18:52.960root 11241100x80000000000000006859305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4b2e06030a41f12022-01-05 09:18:52.960root 11241100x80000000000000006859306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a426ff05ac5f83332022-01-05 09:18:52.961root 11241100x80000000000000006859307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac028eee13b6c382022-01-05 09:18:52.961root 354300x80000000000000006859339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:01.018{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40664-false10.0.1.12-8000- 11241100x80000000000000006859340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:01.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac93499338dce322022-01-05 09:19:01.459root 11241100x80000000000000006859341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b10e62d7748d6652022-01-05 09:19:01.959root 23542300x80000000000000006859342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:02.403{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006859343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:02.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c913d3c4e561a2ac2022-01-05 09:19:02.404root 11241100x80000000000000006859344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:02.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bdc9a1bdc2f3f22022-01-05 09:19:02.709root 11241100x80000000000000006859345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:02.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28797cf160534dd72022-01-05 09:19:02.709root 11241100x80000000000000006859346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07c466df13b65d62022-01-05 09:19:03.209root 11241100x80000000000000006859347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1568f4482e5aff7b2022-01-05 09:19:03.209root 11241100x80000000000000006859348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:03.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be9a74dfbe12b5d2022-01-05 09:19:03.709root 11241100x80000000000000006859349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:03.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef7bd71d0845a042022-01-05 09:19:03.709root 11241100x80000000000000006859350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:04.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8b45e0d84257952022-01-05 09:19:04.209root 11241100x80000000000000006859351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:04.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3b51a83cb60ed22022-01-05 09:19:04.209root 11241100x80000000000000006859352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:04.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce137d589c63de42022-01-05 09:19:04.709root 11241100x80000000000000006859353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:04.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a407d781db98dd8c2022-01-05 09:19:04.709root 154100x80000000000000006859354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:04.782{ec2e79f3-6288-61d5-6864-0f76bd550000}22916/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 534500x80000000000000006859355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:04.793{ec2e79f3-6288-61d5-6864-0f76bd550000}22916/bin/psroot 11241100x80000000000000006859356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:05.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d9620f446db6862022-01-05 09:19:05.209root 11241100x80000000000000006859357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:05.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19e38f2dc5f999c2022-01-05 09:19:05.209root 11241100x80000000000000006859358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:05.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625285c165cab1732022-01-05 09:19:05.209root 11241100x80000000000000006859359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:05.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7300056c0284416e2022-01-05 09:19:05.209root 11241100x80000000000000006859360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:05.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2504ace30e8f5e1d2022-01-05 09:19:05.709root 11241100x80000000000000006859361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:05.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54277af64d83bea12022-01-05 09:19:05.709root 11241100x80000000000000006859362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:05.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e067e7be4dbfb2382022-01-05 09:19:05.709root 11241100x80000000000000006859363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:05.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd26e4851241d78d2022-01-05 09:19:05.709root 11241100x80000000000000006859364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:06.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249c13aaebe208af2022-01-05 09:19:06.209root 11241100x80000000000000006859365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:06.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf66f0b2bd4752572022-01-05 09:19:06.209root 11241100x80000000000000006859366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:06.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167778df691eac762022-01-05 09:19:06.209root 11241100x80000000000000006859367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:06.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200f6682610abcc92022-01-05 09:19:06.209root 354300x80000000000000006859368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:06.247{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40666-false10.0.1.12-8000- 11241100x80000000000000006859369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:06.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1fece1798aceaf2022-01-05 09:19:06.709root 11241100x80000000000000006859370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:06.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64c7e5a47fbbf782022-01-05 09:19:06.709root 11241100x80000000000000006859371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:06.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c3a826e9d9eaaa2022-01-05 09:19:06.709root 11241100x80000000000000006859372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:06.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0292fc059e0d29d2022-01-05 09:19:06.709root 11241100x80000000000000006859373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:06.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79548f73c80fef52022-01-05 09:19:06.709root 11241100x80000000000000006859374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da78870e339cf0512022-01-05 09:19:07.209root 11241100x80000000000000006859375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163249d48efe85372022-01-05 09:19:07.209root 11241100x80000000000000006859376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93088430d9f408de2022-01-05 09:19:07.209root 11241100x80000000000000006859377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ef5a08d51898b82022-01-05 09:19:07.209root 11241100x80000000000000006859378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5af596f8c739b902022-01-05 09:19:07.209root 11241100x80000000000000006859379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385c90e3ad6712672022-01-05 09:19:07.709root 11241100x80000000000000006859380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b0b473b9563d0f2022-01-05 09:19:07.709root 11241100x80000000000000006859381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793fe60ef2aa91ec2022-01-05 09:19:07.709root 11241100x80000000000000006859382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48ffbc3687d734a2022-01-05 09:19:07.709root 11241100x80000000000000006859383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37c8f624f3e2dee2022-01-05 09:19:07.709root 534500x80000000000000006859384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.162{00000000-0000-0000-0000-000000000000}22917<unknown process>ubuntu 11241100x80000000000000006859385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.163{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6857ac3be0fbe2c72022-01-05 09:19:08.163root 11241100x80000000000000006859386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.163{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a376ad0b690406432022-01-05 09:19:08.163root 11241100x80000000000000006859387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4f19667a5ef7342022-01-05 09:19:08.164root 11241100x80000000000000006859388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a828ed1ccc41e7232022-01-05 09:19:08.164root 534500x80000000000000006859389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.164{ec2e79f3-620d-61d5-0000-000000000000}22918-ubuntu 11241100x80000000000000006859390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd15524ce39481f52022-01-05 09:19:08.165root 11241100x80000000000000006859391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.165{ec2e79f3-5fe4-61d5-08b4-fae256550000}17361/bin/bash/tmp/sh-thd.06bB7c2022-01-05 09:19:08.165ubuntu 23542300x80000000000000006859392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.165{ec2e79f3-5fe4-61d5-08b4-fae256550000}17361ubuntu/bin/bash/tmp/sh-thd.06bB7c--- 11241100x80000000000000006859393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bb978ba6d74a882022-01-05 09:19:08.165root 11241100x80000000000000006859394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530fde33ed6fab352022-01-05 09:19:08.459root 11241100x80000000000000006859395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9980b284faa76b02022-01-05 09:19:08.459root 11241100x80000000000000006859396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7daeb73fd412a8642022-01-05 09:19:08.459root 11241100x80000000000000006859397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29404e3cc5f12fd92022-01-05 09:19:08.459root 11241100x80000000000000006859398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ba863eee007f212022-01-05 09:19:08.459root 11241100x80000000000000006859399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1078c262aae624bf2022-01-05 09:19:08.460root 11241100x80000000000000006859400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c52e0ecf79496512022-01-05 09:19:08.460root 11241100x80000000000000006859401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0ac1a555bbc65e2022-01-05 09:19:08.460root 11241100x80000000000000006859402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759ada264a2b7d4c2022-01-05 09:19:08.460root 11241100x80000000000000006859403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b7ca083e4ef9f22022-01-05 09:19:08.959root 11241100x80000000000000006859404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a78eca2b4762db2022-01-05 09:19:08.959root 11241100x80000000000000006859405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c234017549debb2022-01-05 09:19:08.959root 11241100x80000000000000006859406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4b3cbaf35546992022-01-05 09:19:08.959root 11241100x80000000000000006859407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e9211da7c7f9f82022-01-05 09:19:08.959root 11241100x80000000000000006859408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111b0943dbe4f3382022-01-05 09:19:08.960root 11241100x80000000000000006859409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297472af98a1b0252022-01-05 09:19:08.960root 11241100x80000000000000006859410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eeef11fe6c1df962022-01-05 09:19:08.960root 11241100x80000000000000006859411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d364486e4abd07d2022-01-05 09:19:08.960root 11241100x80000000000000006859412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6d1d436949e8532022-01-05 09:19:09.459root 11241100x80000000000000006859413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c2c329dccf98192022-01-05 09:19:09.460root 11241100x80000000000000006859414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03748221138ae9f2022-01-05 09:19:09.460root 11241100x80000000000000006859415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8de4851fcb912d2022-01-05 09:19:09.460root 11241100x80000000000000006859416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f7957b73cf922f2022-01-05 09:19:09.460root 11241100x80000000000000006859417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d19c31755111fc52022-01-05 09:19:09.460root 11241100x80000000000000006859418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4839e94084eec66f2022-01-05 09:19:09.460root 11241100x80000000000000006859419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957e13c70462d4c62022-01-05 09:19:09.460root 11241100x80000000000000006859420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ae140c0ac9f9e42022-01-05 09:19:09.460root 154100x80000000000000006859421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.851{ec2e79f3-628d-61d5-d0d9-083fe9550000}22919/bin/cat-----cat /etc/groups/home/ubuntu/doasubuntu{ec2e79f3-5fe4-61d5-e803-000000000000}100058no level-{ec2e79f3-5fe4-61d5-08b4-fae256550000}17361/bin/bash-bashubuntu 534500x80000000000000006859422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.852{ec2e79f3-628d-61d5-d0d9-083fe9550000}22919/bin/catubuntu 11241100x80000000000000006859423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.852{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071193e82d4f8dd62022-01-05 09:19:09.852root 11241100x80000000000000006859424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.852{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cc56856dd0258b2022-01-05 09:19:09.852root 11241100x80000000000000006859425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.852{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc96c2cde1824b12022-01-05 09:19:09.852root 11241100x80000000000000006859426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.852{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f643b1b241063b2022-01-05 09:19:09.852root 11241100x80000000000000006859427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.853{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533f3e469ea1def52022-01-05 09:19:09.853root 11241100x80000000000000006859428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.853{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493b267284a547122022-01-05 09:19:09.853root 11241100x80000000000000006859429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.853{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6380ab6840958a1b2022-01-05 09:19:09.853root 11241100x80000000000000006859430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.853{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65be77334af03a532022-01-05 09:19:09.853root 11241100x80000000000000006859431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.853{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8e14e2204729a72022-01-05 09:19:09.853root 11241100x80000000000000006859432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.853{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e370234ee626122022-01-05 09:19:09.853root 11241100x80000000000000006859433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a70c9e4605f2b92022-01-05 09:19:10.209root 11241100x80000000000000006859434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7d9a2762b3f3af2022-01-05 09:19:10.209root 11241100x80000000000000006859435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28afd6e6e4fdacb2022-01-05 09:19:10.210root 11241100x80000000000000006859436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9592d2e9ed17aa3a2022-01-05 09:19:10.210root 11241100x80000000000000006859437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cb1148a2aa02262022-01-05 09:19:10.210root 11241100x80000000000000006859438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629bf23f761127d72022-01-05 09:19:10.210root 11241100x80000000000000006859439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e00e208f29cd5fd2022-01-05 09:19:10.210root 11241100x80000000000000006859440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb1744572977faa2022-01-05 09:19:10.210root 11241100x80000000000000006859441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4009075d60134da2022-01-05 09:19:10.210root 11241100x80000000000000006859442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ab0e2740deadfe2022-01-05 09:19:10.210root 11241100x80000000000000006859443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e670ec31ac2ea51e2022-01-05 09:19:10.210root 11241100x80000000000000006859444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e0bf67a52dd7312022-01-05 09:19:10.709root 11241100x80000000000000006859445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5318d18ae9365c5e2022-01-05 09:19:10.709root 11241100x80000000000000006859446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7323cef83103a882022-01-05 09:19:10.709root 11241100x80000000000000006859447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b5be74a8e20e052022-01-05 09:19:10.710root 11241100x80000000000000006859448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410c97a9a8f801942022-01-05 09:19:10.710root 11241100x80000000000000006859449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792e366eb871782f2022-01-05 09:19:10.710root 11241100x80000000000000006859450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0d29d7e779df162022-01-05 09:19:10.710root 11241100x80000000000000006859451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd759dea28f922b02022-01-05 09:19:10.710root 11241100x80000000000000006859452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234c60abecfdc9b02022-01-05 09:19:10.710root 11241100x80000000000000006859453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f78307ecb5b35c2022-01-05 09:19:10.710root 11241100x80000000000000006859454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82ca25710c2453d2022-01-05 09:19:10.710root 11241100x80000000000000006859455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648a981fe351e35b2022-01-05 09:19:11.209root 11241100x80000000000000006859456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2385a68ffb1d882022-01-05 09:19:11.209root 11241100x80000000000000006859457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ead2b4824313b492022-01-05 09:19:11.209root 11241100x80000000000000006859458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de73cd0eab88b8e92022-01-05 09:19:11.210root 11241100x80000000000000006859459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece1a3edea1e83fd2022-01-05 09:19:11.210root 11241100x80000000000000006859460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd67840754a271242022-01-05 09:19:11.210root 11241100x80000000000000006859461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9699dcf0e7ca612022-01-05 09:19:11.210root 11241100x80000000000000006859462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13148048c8362a62022-01-05 09:19:11.210root 11241100x80000000000000006859463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f56e760703acbba2022-01-05 09:19:11.210root 11241100x80000000000000006859464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48b05c82512bd7e2022-01-05 09:19:11.210root 11241100x80000000000000006859465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b91b6c68ef4eca22022-01-05 09:19:11.210root 11241100x80000000000000006859466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80478ca6eaa41d922022-01-05 09:19:11.709root 11241100x80000000000000006859467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774314883cb4000d2022-01-05 09:19:11.709root 11241100x80000000000000006859468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca863c5b3ad5aa42022-01-05 09:19:11.709root 11241100x80000000000000006859469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7300dd1aafbe70c92022-01-05 09:19:11.710root 11241100x80000000000000006859470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d6c889160d16292022-01-05 09:19:11.710root 11241100x80000000000000006859471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ed699c69f010b12022-01-05 09:19:11.710root 11241100x80000000000000006859472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69aeab9b6dc2e93f2022-01-05 09:19:11.710root 11241100x80000000000000006859473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6540aabe9ac2922022-01-05 09:19:11.710root 11241100x80000000000000006859474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239a928e8d1679da2022-01-05 09:19:11.710root 11241100x80000000000000006859475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f253ff88b339754e2022-01-05 09:19:11.710root 11241100x80000000000000006859476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7018e28d52cec62f2022-01-05 09:19:11.710root 354300x80000000000000006859477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.151{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40668-false10.0.1.12-8000- 11241100x80000000000000006859478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.152{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfcf3d84c75f2672022-01-05 09:19:12.152root 11241100x80000000000000006859479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.152{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00c3689ac83c2d72022-01-05 09:19:12.152root 11241100x80000000000000006859480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.152{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f423bbe2e9c7e9c52022-01-05 09:19:12.152root 11241100x80000000000000006859481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.152{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f298324b73cf9232022-01-05 09:19:12.152root 11241100x80000000000000006859482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.152{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7371c17de22fe12022-01-05 09:19:12.152root 11241100x80000000000000006859483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.152{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74db5984a2f743802022-01-05 09:19:12.152root 11241100x80000000000000006859484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.152{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde29e256002ef3f2022-01-05 09:19:12.152root 11241100x80000000000000006859485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.153{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0828398a33fe702022-01-05 09:19:12.153root 11241100x80000000000000006859486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.153{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fbd13f709563c92022-01-05 09:19:12.153root 11241100x80000000000000006859487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.153{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6158373c6a9ac2542022-01-05 09:19:12.153root 11241100x80000000000000006859488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.153{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b01d9cbc5eb2d672022-01-05 09:19:12.153root 11241100x80000000000000006859489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.153{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3baf2e144e6a5c2022-01-05 09:19:12.153root 11241100x80000000000000006859490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c156f698a29262e2022-01-05 09:19:12.459root 11241100x80000000000000006859491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c812ea6291974d52022-01-05 09:19:12.459root 11241100x80000000000000006859492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300f8cc1f5cc47442022-01-05 09:19:12.459root 11241100x80000000000000006859493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e1ab98cb230bab2022-01-05 09:19:12.460root 11241100x80000000000000006859494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec44f39d94ef544d2022-01-05 09:19:12.460root 11241100x80000000000000006859495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e26c3e296813912022-01-05 09:19:12.460root 11241100x80000000000000006859496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23480107b69eeb62022-01-05 09:19:12.460root 11241100x80000000000000006859497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351543330c02cfd02022-01-05 09:19:12.460root 11241100x80000000000000006859498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d6d859ce7104112022-01-05 09:19:12.460root 11241100x80000000000000006859499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528eb9a3d38d485b2022-01-05 09:19:12.460root 11241100x80000000000000006859500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746cae6c744b01c52022-01-05 09:19:12.460root 11241100x80000000000000006859501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a41e107e92f316d2022-01-05 09:19:12.460root 11241100x80000000000000006859502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40d25839aacdd5a2022-01-05 09:19:12.959root 11241100x80000000000000006859503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b416745dd00a887d2022-01-05 09:19:12.960root 11241100x80000000000000006859504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a28087937f09752022-01-05 09:19:12.960root 11241100x80000000000000006859505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed83d6194d7a83882022-01-05 09:19:12.960root 11241100x80000000000000006859506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b6ce6a180c1bc52022-01-05 09:19:12.960root 11241100x80000000000000006859507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4123a779e0d268432022-01-05 09:19:12.960root 11241100x80000000000000006859508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8c4497e040b31e2022-01-05 09:19:12.960root 11241100x80000000000000006859509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56591ca11410ee832022-01-05 09:19:12.960root 11241100x80000000000000006859510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4e4dfb012a1b9c2022-01-05 09:19:12.960root 11241100x80000000000000006859511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9461df7e0585a122022-01-05 09:19:12.960root 11241100x80000000000000006859512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3395f035ee0beffa2022-01-05 09:19:12.960root 11241100x80000000000000006859513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e718f9dda950022022-01-05 09:19:12.960root 11241100x80000000000000006859514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f2cf05e33451ec2022-01-05 09:19:13.459root 11241100x80000000000000006859515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3d16be92cbb8e62022-01-05 09:19:13.459root 11241100x80000000000000006859516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4e5bb26dbb598d2022-01-05 09:19:13.459root 11241100x80000000000000006859517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f063fe5a6f24854e2022-01-05 09:19:13.460root 11241100x80000000000000006859518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cf7e8272a4a5cb2022-01-05 09:19:13.460root 11241100x80000000000000006859519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c0caae8659f63e2022-01-05 09:19:13.460root 11241100x80000000000000006859520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faede841c9942aa92022-01-05 09:19:13.460root 11241100x80000000000000006859521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380005b28e53fa8e2022-01-05 09:19:13.460root 11241100x80000000000000006859522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c515bed68f86a02022-01-05 09:19:13.460root 11241100x80000000000000006859523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5334db6171a09a4e2022-01-05 09:19:13.460root 11241100x80000000000000006859524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abde228f2e9632942022-01-05 09:19:13.460root 11241100x80000000000000006859525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5d6202237d2da62022-01-05 09:19:13.460root 11241100x80000000000000006859526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7cee5643f1478a2022-01-05 09:19:13.959root 11241100x80000000000000006859527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e53efcdeeeaff0a2022-01-05 09:19:13.959root 11241100x80000000000000006859528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78676431de048e6e2022-01-05 09:19:13.959root 11241100x80000000000000006859529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef282cbb12a3a5192022-01-05 09:19:13.960root 11241100x80000000000000006859530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68acb751d2a267f2022-01-05 09:19:13.960root 11241100x80000000000000006859531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d22e53e607873a62022-01-05 09:19:13.960root 11241100x80000000000000006859532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bd15af66d392d32022-01-05 09:19:13.960root 11241100x80000000000000006859533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92303d5596ff6f352022-01-05 09:19:13.960root 11241100x80000000000000006859534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72eb640cc7e68e302022-01-05 09:19:13.960root 11241100x80000000000000006859535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b226dfb20b1875632022-01-05 09:19:13.960root 11241100x80000000000000006859536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f0780e9e271a272022-01-05 09:19:13.960root 11241100x80000000000000006859537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9da5166ef6d85de2022-01-05 09:19:13.960root 11241100x80000000000000006859538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd4c9c3ee0fa6642022-01-05 09:19:14.459root 11241100x80000000000000006859539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebc4f5f7a61f13d2022-01-05 09:19:14.459root 11241100x80000000000000006859540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bc8c23a8797f6a2022-01-05 09:19:14.459root 11241100x80000000000000006859541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a67074e9ba531d22022-01-05 09:19:14.460root 11241100x80000000000000006859542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a592a74694d583ef2022-01-05 09:19:14.460root 11241100x80000000000000006859543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a0c80f9e9326402022-01-05 09:19:14.460root 11241100x80000000000000006859544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c75a204b5bc23662022-01-05 09:19:14.460root 11241100x80000000000000006859545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fe1190bb296d762022-01-05 09:19:14.460root 11241100x80000000000000006859546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f576ca1c43984982022-01-05 09:19:14.460root 11241100x80000000000000006859547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a412f44260ce632022-01-05 09:19:14.460root 11241100x80000000000000006859548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e03738ca1b62752022-01-05 09:19:14.460root 11241100x80000000000000006859549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a07cfd7675ef6d32022-01-05 09:19:14.460root 11241100x80000000000000006859550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536354ec4a773a152022-01-05 09:19:14.959root 11241100x80000000000000006859551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c6465c49318fc42022-01-05 09:19:14.959root 11241100x80000000000000006859552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fbee70b0794c582022-01-05 09:19:14.959root 11241100x80000000000000006859553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611b9f17111377f92022-01-05 09:19:14.960root 11241100x80000000000000006859554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8240fcaedefc1d82022-01-05 09:19:14.960root 11241100x80000000000000006859555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37e504108ed280c2022-01-05 09:19:14.960root 11241100x80000000000000006859556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce194d0603a29d4b2022-01-05 09:19:14.960root 11241100x80000000000000006859557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0118bd3fd471882022-01-05 09:19:14.960root 11241100x80000000000000006859558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b362f9a9efaeed2022-01-05 09:19:14.960root 11241100x80000000000000006859559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aca0c250b62df5e2022-01-05 09:19:14.960root 11241100x80000000000000006859560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa1d11a13c07c962022-01-05 09:19:14.960root 11241100x80000000000000006859561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf99676e38e5d782022-01-05 09:19:14.960root 11241100x80000000000000006859562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a10ec49595f14132022-01-05 09:19:15.459root 11241100x80000000000000006859563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef90877f1e23cf52022-01-05 09:19:15.459root 11241100x80000000000000006859564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52eade1eae2b071e2022-01-05 09:19:15.460root 11241100x80000000000000006859565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac2d947c8582af82022-01-05 09:19:15.460root 11241100x80000000000000006859566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf8483036f475922022-01-05 09:19:15.460root 11241100x80000000000000006859567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3645ba1c10cfc582022-01-05 09:19:15.460root 11241100x80000000000000006859568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d1d96f69c5efa12022-01-05 09:19:15.460root 11241100x80000000000000006859569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927e0cef4222951d2022-01-05 09:19:15.460root 11241100x80000000000000006859570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff0a447f9da67582022-01-05 09:19:15.460root 11241100x80000000000000006859571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e766b089a7d86c932022-01-05 09:19:15.460root 11241100x80000000000000006859572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547446e8c81adbef2022-01-05 09:19:15.461root 11241100x80000000000000006859573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386d897a04dd19192022-01-05 09:19:15.461root 11241100x80000000000000006859574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b88dd2893449de2022-01-05 09:19:15.959root 11241100x80000000000000006859575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e1f31c677f86892022-01-05 09:19:15.959root 11241100x80000000000000006859576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6421749a9ac2162022-01-05 09:19:15.960root 11241100x80000000000000006859577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6170a37f9755ab2022-01-05 09:19:15.960root 11241100x80000000000000006859578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6479e04c46ed1ee02022-01-05 09:19:15.960root 11241100x80000000000000006859579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978352b5db199c962022-01-05 09:19:15.960root 11241100x80000000000000006859580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620661cdc9266ece2022-01-05 09:19:15.960root 11241100x80000000000000006859581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7daa951dc674dfa2022-01-05 09:19:15.960root 11241100x80000000000000006859582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598fdc5d52aa71362022-01-05 09:19:15.960root 11241100x80000000000000006859583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769545d58a5ebadf2022-01-05 09:19:15.960root 11241100x80000000000000006859584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c961c2fbba1d5fed2022-01-05 09:19:15.960root 11241100x80000000000000006859585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8baeb3ca78fd6922022-01-05 09:19:15.960root 11241100x80000000000000006859586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7da2da3f25495212022-01-05 09:19:16.460root 11241100x80000000000000006859587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b54dc678fb98622022-01-05 09:19:16.460root 11241100x80000000000000006859588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10d224d54562c462022-01-05 09:19:16.460root 11241100x80000000000000006859589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d5c3c7657647322022-01-05 09:19:16.460root 11241100x80000000000000006859590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d637746b29170df62022-01-05 09:19:16.460root 11241100x80000000000000006859591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13126bf5711f0c022022-01-05 09:19:16.460root 11241100x80000000000000006859592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9ff512137de7742022-01-05 09:19:16.460root 11241100x80000000000000006859593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88b8cb7742df8752022-01-05 09:19:16.460root 11241100x80000000000000006859594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec04df261d4b4ad92022-01-05 09:19:16.460root 11241100x80000000000000006859595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa3cfa597942a972022-01-05 09:19:16.461root 11241100x80000000000000006859596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5920bb8802b294bb2022-01-05 09:19:16.461root 11241100x80000000000000006859597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5952fe8944ced8e02022-01-05 09:19:16.461root 11241100x80000000000000006859598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467e0c4f87c1928c2022-01-05 09:19:16.959root 11241100x80000000000000006859599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e317432c36eb4692022-01-05 09:19:16.959root 11241100x80000000000000006859600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070da3ebba15a4262022-01-05 09:19:16.960root 11241100x80000000000000006859601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698f997e6750a0e52022-01-05 09:19:16.960root 11241100x80000000000000006859602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f9a726e21d909d2022-01-05 09:19:16.960root 11241100x80000000000000006859603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1274881e41312f32022-01-05 09:19:16.960root 11241100x80000000000000006859604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d641db0a09b3b52022-01-05 09:19:16.960root 11241100x80000000000000006859605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e6c6748eec8ac62022-01-05 09:19:16.960root 11241100x80000000000000006859606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2d8316d9e689ba2022-01-05 09:19:16.960root 11241100x80000000000000006859607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe67b27799286b22022-01-05 09:19:16.960root 11241100x80000000000000006859608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec112a1549a774f32022-01-05 09:19:16.960root 11241100x80000000000000006859609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a6b9839c30ba702022-01-05 09:19:16.960root 11241100x80000000000000006859610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa43911a9e3f4f32022-01-05 09:19:17.459root 11241100x80000000000000006859611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5114cff893ed7302022-01-05 09:19:17.459root 11241100x80000000000000006859612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14eb8038717850e2022-01-05 09:19:17.459root 11241100x80000000000000006859613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e15a2ed98b469d2022-01-05 09:19:17.460root 11241100x80000000000000006859614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70436d7b45ef0172022-01-05 09:19:17.460root 11241100x80000000000000006859615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5671840a09fd8e2022-01-05 09:19:17.460root 11241100x80000000000000006859616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1121700a83d7ec2022-01-05 09:19:17.460root 11241100x80000000000000006859617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49c6fc7def434692022-01-05 09:19:17.460root 11241100x80000000000000006859618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3729ec1c7d3958652022-01-05 09:19:17.460root 11241100x80000000000000006859619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eec9c7406f9a58e2022-01-05 09:19:17.460root 11241100x80000000000000006859620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55d730af8f05e752022-01-05 09:19:17.460root 11241100x80000000000000006859621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba8b514c1c397b92022-01-05 09:19:17.460root 11241100x80000000000000006859622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07c6d54f6593c1e2022-01-05 09:19:17.959root 11241100x80000000000000006859623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c03207f00c16d62022-01-05 09:19:17.959root 11241100x80000000000000006859624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4732af1e2922ec122022-01-05 09:19:17.960root 11241100x80000000000000006859625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85855335bb8ded0a2022-01-05 09:19:17.960root 11241100x80000000000000006859626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be0000c4e465a042022-01-05 09:19:17.960root 11241100x80000000000000006859627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb0a75ef3ad52e52022-01-05 09:19:17.960root 11241100x80000000000000006859628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300419221c45f39e2022-01-05 09:19:17.960root 11241100x80000000000000006859629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70be2c745144a2c62022-01-05 09:19:17.960root 11241100x80000000000000006859630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1f0e6364920ef12022-01-05 09:19:17.960root 11241100x80000000000000006859631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53678cf44aa6a0222022-01-05 09:19:17.960root 11241100x80000000000000006859632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a2a252cef53e422022-01-05 09:19:17.960root 11241100x80000000000000006859633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b88db14915afef2022-01-05 09:19:17.960root 354300x80000000000000006859634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.079{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40670-false10.0.1.12-8000- 11241100x80000000000000006859635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6b62e22521fe7f2022-01-05 09:19:18.459root 11241100x80000000000000006859636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca94323229df3f5f2022-01-05 09:19:18.460root 11241100x80000000000000006859637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea20bd0ba18e9852022-01-05 09:19:18.460root 11241100x80000000000000006859638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1315654ced455b22022-01-05 09:19:18.460root 11241100x80000000000000006859639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdcbe5b35cff97f2022-01-05 09:19:18.460root 11241100x80000000000000006859640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e9ee58b780f1ff2022-01-05 09:19:18.460root 11241100x80000000000000006859641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d337a0469eac4d2022-01-05 09:19:18.460root 11241100x80000000000000006859642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0494bd0f141365802022-01-05 09:19:18.460root 11241100x80000000000000006859643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbfa899f549b42a2022-01-05 09:19:18.460root 11241100x80000000000000006859644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efb7d30219e55382022-01-05 09:19:18.460root 11241100x80000000000000006859645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bcfdb6d8628d672022-01-05 09:19:18.460root 11241100x80000000000000006859646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02edd0bb8eeacbb2022-01-05 09:19:18.460root 11241100x80000000000000006859647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8030ccf67773b95c2022-01-05 09:19:18.460root 11241100x80000000000000006859648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f03986118c68eb2022-01-05 09:19:18.959root 11241100x80000000000000006859649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd4d88c4cb759cb2022-01-05 09:19:18.960root 11241100x80000000000000006859650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d2e6ce5b7e24bd2022-01-05 09:19:18.960root 11241100x80000000000000006859651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f99e299a062ca62022-01-05 09:19:18.960root 11241100x80000000000000006859652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9120554c2c133ef2022-01-05 09:19:18.960root 11241100x80000000000000006859653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692889112f7bab9c2022-01-05 09:19:18.960root 11241100x80000000000000006859654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fb06dcaad656bb2022-01-05 09:19:18.960root 11241100x80000000000000006859655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e1fcfefca4d0082022-01-05 09:19:18.960root 11241100x80000000000000006859656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431e1e1da38546012022-01-05 09:19:18.960root 11241100x80000000000000006859657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a61acde4cf174b62022-01-05 09:19:18.960root 11241100x80000000000000006859658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c16be29669b1f5f2022-01-05 09:19:18.960root 11241100x80000000000000006859659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774fedce410b416b2022-01-05 09:19:18.960root 11241100x80000000000000006859660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eff7302bcedabdd2022-01-05 09:19:18.961root 11241100x80000000000000006859661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a5bdbc498b4e9a2022-01-05 09:19:19.460root 11241100x80000000000000006859662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f1fd9e04f9008e2022-01-05 09:19:19.460root 11241100x80000000000000006859663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256a0f241bdad68c2022-01-05 09:19:19.460root 11241100x80000000000000006859664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7f2b97ff8071bb2022-01-05 09:19:19.460root 11241100x80000000000000006859665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3642c3bb6b921c2022-01-05 09:19:19.460root 11241100x80000000000000006859666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac00bc6ca2585a1e2022-01-05 09:19:19.460root 11241100x80000000000000006859667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e349b711fa1675af2022-01-05 09:19:19.460root 11241100x80000000000000006859668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128b177eac3ea7ca2022-01-05 09:19:19.460root 11241100x80000000000000006859669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5496ade4883308792022-01-05 09:19:19.462root 11241100x80000000000000006859670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdb80a0184526222022-01-05 09:19:19.462root 11241100x80000000000000006859671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d0bb8ffda7a4662022-01-05 09:19:19.462root 11241100x80000000000000006859672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a023f9e309030452022-01-05 09:19:19.462root 11241100x80000000000000006859673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f67795b00eb60532022-01-05 09:19:19.462root 11241100x80000000000000006859674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676a54387d0371da2022-01-05 09:19:19.959root 11241100x80000000000000006859675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff216b1dce5b20b2022-01-05 09:19:19.959root 11241100x80000000000000006859676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f94a42349aa473e2022-01-05 09:19:19.960root 11241100x80000000000000006859677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e2d5f7257076062022-01-05 09:19:19.960root 11241100x80000000000000006859678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8816e4d60de2192022-01-05 09:19:19.960root 11241100x80000000000000006859679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cd3ad183e748462022-01-05 09:19:19.960root 11241100x80000000000000006859680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00753459538efc892022-01-05 09:19:19.960root 11241100x80000000000000006859681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a5b4f701ccced12022-01-05 09:19:19.960root 11241100x80000000000000006859682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e4f27dcbc844fb2022-01-05 09:19:19.960root 11241100x80000000000000006859683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0b4cf970ac32e82022-01-05 09:19:19.960root 11241100x80000000000000006859684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de361f56f960c352022-01-05 09:19:19.960root 11241100x80000000000000006859685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a14633741bb8b22022-01-05 09:19:19.960root 11241100x80000000000000006859686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd35271acb13facd2022-01-05 09:19:19.960root 11241100x80000000000000006859687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e75feeb1b7601d2022-01-05 09:19:20.459root 11241100x80000000000000006859688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0cf9ef62d6ffbc2022-01-05 09:19:20.459root 11241100x80000000000000006859689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3a559a141986ad2022-01-05 09:19:20.460root 11241100x80000000000000006859690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c3d5e27cfb21f72022-01-05 09:19:20.460root 11241100x80000000000000006859691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21082129a5bb03cb2022-01-05 09:19:20.460root 11241100x80000000000000006859692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1a335a1b09f01d2022-01-05 09:19:20.460root 11241100x80000000000000006859693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7376ec5b6f79862022-01-05 09:19:20.460root 11241100x80000000000000006859694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453e858edf30d3162022-01-05 09:19:20.460root 11241100x80000000000000006859695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9578ee7405b22edf2022-01-05 09:19:20.460root 11241100x80000000000000006859696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9437a675022d5c2022-01-05 09:19:20.460root 11241100x80000000000000006859697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfa80419fa771562022-01-05 09:19:20.460root 11241100x80000000000000006859698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4637d1d581594ba52022-01-05 09:19:20.460root 11241100x80000000000000006859699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f531d6e90a45bf42022-01-05 09:19:20.460root 11241100x80000000000000006859700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f428c5eaf18947482022-01-05 09:19:20.959root 11241100x80000000000000006859701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed159b5aee04d2a2022-01-05 09:19:20.959root 11241100x80000000000000006859702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96662098bba99c7a2022-01-05 09:19:20.960root 11241100x80000000000000006859703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6567473228343a3b2022-01-05 09:19:20.960root 11241100x80000000000000006859704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2252dd1c76db482022-01-05 09:19:20.960root 11241100x80000000000000006859705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c57e80cb455c522022-01-05 09:19:20.960root 11241100x80000000000000006859706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f381ae900404cca02022-01-05 09:19:20.960root 11241100x80000000000000006859707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5cae449e51710e2022-01-05 09:19:20.960root 11241100x80000000000000006859708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a02a421712bbc22022-01-05 09:19:20.960root 11241100x80000000000000006859709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3942749d006c0532022-01-05 09:19:20.960root 11241100x80000000000000006859710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c56e25ce042a3e2022-01-05 09:19:20.960root 11241100x80000000000000006859711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696510bda2885c752022-01-05 09:19:20.960root 11241100x80000000000000006859712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6909982855b3ecd62022-01-05 09:19:20.960root 11241100x80000000000000006859713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a1a4eafc0e7d0f2022-01-05 09:19:21.459root 11241100x80000000000000006859714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c506230b62a650e2022-01-05 09:19:21.460root 11241100x80000000000000006859715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af1d402601035042022-01-05 09:19:21.460root 11241100x80000000000000006859716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0716bf0e4d7aeab12022-01-05 09:19:21.460root 11241100x80000000000000006859717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcab3ed614a69fa2022-01-05 09:19:21.460root 11241100x80000000000000006859718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e616da6daabea42022-01-05 09:19:21.460root 11241100x80000000000000006859719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2780c232d4f097b2022-01-05 09:19:21.460root 11241100x80000000000000006859720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fb2aecaaee85602022-01-05 09:19:21.460root 11241100x80000000000000006859721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b990380adcc9bd2022-01-05 09:19:21.460root 11241100x80000000000000006859722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abf04a561d191e62022-01-05 09:19:21.460root 11241100x80000000000000006859723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3befe1930e0e202022-01-05 09:19:21.460root 11241100x80000000000000006859724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510bcac8383b3c6c2022-01-05 09:19:21.460root 11241100x80000000000000006859725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee8b5335f9e12122022-01-05 09:19:21.460root 11241100x80000000000000006859726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465d97e6dbc3b5f62022-01-05 09:19:21.959root 11241100x80000000000000006859727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a82196be82998bd2022-01-05 09:19:21.959root 11241100x80000000000000006859728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d6508895072ad22022-01-05 09:19:21.960root 11241100x80000000000000006859729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52764789a29fe2dc2022-01-05 09:19:21.960root 11241100x80000000000000006859730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba958dd5ceae1f6c2022-01-05 09:19:21.960root 11241100x80000000000000006859731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5120699c100eb95b2022-01-05 09:19:21.960root 11241100x80000000000000006859732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a317c8a8f3fa49fd2022-01-05 09:19:21.960root 11241100x80000000000000006859733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2a7ca9a68c11d92022-01-05 09:19:21.960root 11241100x80000000000000006859734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018ea80a6a04e6932022-01-05 09:19:21.960root 11241100x80000000000000006859735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eda2d56c710816f2022-01-05 09:19:21.960root 11241100x80000000000000006859736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34351ddf20cf6732022-01-05 09:19:21.960root 11241100x80000000000000006859737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc03447c12aa64ef2022-01-05 09:19:21.960root 11241100x80000000000000006859738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c72e82ba5e72842022-01-05 09:19:21.960root 11241100x80000000000000006859739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b25bcfa5d4a07542022-01-05 09:19:22.459root 11241100x80000000000000006859740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7a36f92cd7182c2022-01-05 09:19:22.459root 11241100x80000000000000006859741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25e2fc4a782713f2022-01-05 09:19:22.460root 11241100x80000000000000006859742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adca1b31e95138c72022-01-05 09:19:22.460root 11241100x80000000000000006859743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d8b650ece61d902022-01-05 09:19:22.460root 11241100x80000000000000006859744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd080124a35909f22022-01-05 09:19:22.460root 11241100x80000000000000006859745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9be5d9db8e7b5d12022-01-05 09:19:22.460root 11241100x80000000000000006859746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333927420ee6e2742022-01-05 09:19:22.460root 11241100x80000000000000006859747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49d1d6c6b603c342022-01-05 09:19:22.460root 11241100x80000000000000006859748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aed289299a84d882022-01-05 09:19:22.460root 11241100x80000000000000006859749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ed3b3ef44864982022-01-05 09:19:22.460root 11241100x80000000000000006859750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8569a3a0b45ee62022-01-05 09:19:22.460root 11241100x80000000000000006859751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5dde7d1715b6aab2022-01-05 09:19:22.460root 11241100x80000000000000006859752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a6ece1a3689e452022-01-05 09:19:22.959root 11241100x80000000000000006859753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2becb32b535007052022-01-05 09:19:22.959root 11241100x80000000000000006859754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f546be691a8a411e2022-01-05 09:19:22.960root 11241100x80000000000000006859755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9182405cc4d37e2022-01-05 09:19:22.960root 11241100x80000000000000006859756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912f2a9ae2d20b892022-01-05 09:19:22.960root 11241100x80000000000000006859757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669a83d13d437faa2022-01-05 09:19:22.960root 11241100x80000000000000006859758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65810d64d1983f22022-01-05 09:19:22.960root 11241100x80000000000000006859759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0922f2e3b97f2aac2022-01-05 09:19:22.960root 11241100x80000000000000006859760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc681c506a709d12022-01-05 09:19:22.960root 11241100x80000000000000006859761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac5828d22c4819c2022-01-05 09:19:22.960root 11241100x80000000000000006859762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26410c5bd4a4a43e2022-01-05 09:19:22.960root 11241100x80000000000000006859763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bca7a6b539010e32022-01-05 09:19:22.960root 11241100x80000000000000006859764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9445bb0422e5959c2022-01-05 09:19:22.961root 11241100x80000000000000006859765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703bdf531852f9692022-01-05 09:19:23.459root 11241100x80000000000000006859766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba80df93bf138442022-01-05 09:19:23.459root 11241100x80000000000000006859767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3023bb6b344002002022-01-05 09:19:23.460root 11241100x80000000000000006859768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78edbe54b1f35272022-01-05 09:19:23.460root 11241100x80000000000000006859769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587db07062e5c0742022-01-05 09:19:23.460root 11241100x80000000000000006859770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce594bce16869c02022-01-05 09:19:23.460root 11241100x80000000000000006859771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104efe67543175572022-01-05 09:19:23.460root 11241100x80000000000000006859772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f632a250c41303922022-01-05 09:19:23.460root 11241100x80000000000000006859773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205f9c9790bf86f12022-01-05 09:19:23.460root 11241100x80000000000000006859774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe94e75d159caae82022-01-05 09:19:23.460root 11241100x80000000000000006859775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3612f6fe701ab52022-01-05 09:19:23.460root 11241100x80000000000000006859776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6fcef4c676a0452022-01-05 09:19:23.460root 11241100x80000000000000006859777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23485e5345e2c4012022-01-05 09:19:23.460root 11241100x80000000000000006859778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e60f67ec43ae3d2022-01-05 09:19:23.959root 11241100x80000000000000006859779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f843ebf639b7a7ad2022-01-05 09:19:23.960root 11241100x80000000000000006859780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8d6a75a9e3ea4e2022-01-05 09:19:23.960root 11241100x80000000000000006859781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1b673f3a9997162022-01-05 09:19:23.960root 11241100x80000000000000006859782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffca52c3307c37cb2022-01-05 09:19:23.960root 11241100x80000000000000006859783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c559b6eef4a3fa02022-01-05 09:19:23.960root 11241100x80000000000000006859784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73caac78a2fc1f542022-01-05 09:19:23.960root 11241100x80000000000000006859785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95120a2f1655912a2022-01-05 09:19:23.960root 11241100x80000000000000006859786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a746606e4bff5b2022-01-05 09:19:23.960root 11241100x80000000000000006859787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c59aa770715be4c2022-01-05 09:19:23.960root 11241100x80000000000000006859788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1986dbd1777b84602022-01-05 09:19:23.961root 11241100x80000000000000006859789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac99e9aff1380ff52022-01-05 09:19:23.961root 11241100x80000000000000006859790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1255b80626a6d1612022-01-05 09:19:23.961root 354300x80000000000000006859791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.061{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40672-false10.0.1.12-8000- 11241100x80000000000000006859792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0303d921c69794e72022-01-05 09:19:24.459root 11241100x80000000000000006859793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899d370e2f64552c2022-01-05 09:19:24.459root 11241100x80000000000000006859794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63dd60f004d9c722022-01-05 09:19:24.460root 11241100x80000000000000006859795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e6b2d3fc83183b2022-01-05 09:19:24.460root 11241100x80000000000000006859796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069aedce99b269172022-01-05 09:19:24.460root 11241100x80000000000000006859797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b428592e760add12022-01-05 09:19:24.460root 11241100x80000000000000006859798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8f05f32a9927932022-01-05 09:19:24.460root 11241100x80000000000000006859799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c01424cd7a472012022-01-05 09:19:24.460root 11241100x80000000000000006859800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490b5e21ef82d1cd2022-01-05 09:19:24.460root 11241100x80000000000000006859801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ab3d4f574f913b2022-01-05 09:19:24.460root 11241100x80000000000000006859802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb14fb94accdf842022-01-05 09:19:24.460root 11241100x80000000000000006859803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7786f324768456cc2022-01-05 09:19:24.460root 11241100x80000000000000006859804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d885b09778217c2022-01-05 09:19:24.460root 11241100x80000000000000006859805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a61252ac2ea16822022-01-05 09:19:24.460root 11241100x80000000000000006859806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7ee06523cd18b72022-01-05 09:19:24.959root 11241100x80000000000000006859807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3499d771060da72022-01-05 09:19:24.959root 11241100x80000000000000006859808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26828cc65428e5a62022-01-05 09:19:24.960root 11241100x80000000000000006859809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9b9b3e4e72fa7e2022-01-05 09:19:24.960root 11241100x80000000000000006859810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e84d5878ce5d9e2022-01-05 09:19:24.960root 11241100x80000000000000006859811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbf22d78ad270a72022-01-05 09:19:24.960root 11241100x80000000000000006859812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0497fc59da1c2aac2022-01-05 09:19:24.960root 11241100x80000000000000006859813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ef19038baaef352022-01-05 09:19:24.960root 11241100x80000000000000006859814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584e7e050d90bc442022-01-05 09:19:24.960root 11241100x80000000000000006859815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0d224ca3fb0bdb2022-01-05 09:19:24.960root 11241100x80000000000000006859816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22dd2d47eb048bfc2022-01-05 09:19:24.960root 11241100x80000000000000006859817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e18854770179e92022-01-05 09:19:24.961root 11241100x80000000000000006859818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a512c28744c9c6152022-01-05 09:19:24.961root 11241100x80000000000000006859819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e619346af8fa21fb2022-01-05 09:19:24.961root 11241100x80000000000000006859820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cf61f734b139782022-01-05 09:19:25.459root 11241100x80000000000000006859821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4cfa73078565e02022-01-05 09:19:25.459root 11241100x80000000000000006859822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d5a7722df890b02022-01-05 09:19:25.460root 11241100x80000000000000006859823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90e97adea1c1efe2022-01-05 09:19:25.460root 11241100x80000000000000006859824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cdf42ab852e0f32022-01-05 09:19:25.460root 11241100x80000000000000006859825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44753d9d127aa6112022-01-05 09:19:25.460root 11241100x80000000000000006859826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac735582885d4362022-01-05 09:19:25.460root 11241100x80000000000000006859827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d300e4e63b9588eb2022-01-05 09:19:25.460root 11241100x80000000000000006859828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084e1bb1a55430942022-01-05 09:19:25.460root 11241100x80000000000000006859829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec47c61e868824f2022-01-05 09:19:25.460root 11241100x80000000000000006859830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdfa8c44baed0942022-01-05 09:19:25.460root 11241100x80000000000000006859831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387cc526935c35902022-01-05 09:19:25.461root 11241100x80000000000000006859832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a74cb0dd4826262022-01-05 09:19:25.461root 11241100x80000000000000006859833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0032198d1a3427862022-01-05 09:19:25.461root 11241100x80000000000000006859834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5273d94f98aaa112022-01-05 09:19:25.959root 11241100x80000000000000006859835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8959e4cabb21be22022-01-05 09:19:25.959root 11241100x80000000000000006859836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1c5a3e4a375e292022-01-05 09:19:25.960root 11241100x80000000000000006859837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ec50cda245abed2022-01-05 09:19:25.960root 11241100x80000000000000006859838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d02d0d7063435f2022-01-05 09:19:25.960root 11241100x80000000000000006859839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d995b5547c79cd2022-01-05 09:19:25.960root 11241100x80000000000000006859840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e739732d80af2a12022-01-05 09:19:25.960root 11241100x80000000000000006859841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f7bdb048f5db642022-01-05 09:19:25.960root 11241100x80000000000000006859842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf416eca1f213182022-01-05 09:19:25.960root 11241100x80000000000000006859843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ebbd0c6638aeb52022-01-05 09:19:25.960root 11241100x80000000000000006859844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e7f6a3e38371ac2022-01-05 09:19:25.960root 11241100x80000000000000006859845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a997a323fc6226f02022-01-05 09:19:25.961root 11241100x80000000000000006859846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d8db188ac212362022-01-05 09:19:25.961root 11241100x80000000000000006859847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b13ab5ff7bce3a2022-01-05 09:19:25.961root 11241100x80000000000000006859848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d85689b91c04582022-01-05 09:19:26.459root 11241100x80000000000000006859849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036a80a980771c8e2022-01-05 09:19:26.459root 11241100x80000000000000006859850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbc5e47ff3110862022-01-05 09:19:26.460root 11241100x80000000000000006859851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90fd4e5eedb14452022-01-05 09:19:26.460root 11241100x80000000000000006859852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24bdd65870b71482022-01-05 09:19:26.460root 11241100x80000000000000006859853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9f999217a4cc982022-01-05 09:19:26.460root 11241100x80000000000000006859854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf36d968e0bbd4af2022-01-05 09:19:26.460root 11241100x80000000000000006859855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc0535817b5873a2022-01-05 09:19:26.460root 11241100x80000000000000006859856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b05505c8bd65fb2022-01-05 09:19:26.460root 11241100x80000000000000006859857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc261959616aaf8d2022-01-05 09:19:26.460root 11241100x80000000000000006859858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857299b7730a39d62022-01-05 09:19:26.460root 11241100x80000000000000006859859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36d91c8cdd1f2ea2022-01-05 09:19:26.461root 11241100x80000000000000006859860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c068f4b881e1d2b2022-01-05 09:19:26.461root 11241100x80000000000000006859861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919fdbfe5dfc81312022-01-05 09:19:26.461root 11241100x80000000000000006859862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcb79e06ef7b46a2022-01-05 09:19:26.959root 11241100x80000000000000006859863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5038c96424b25dd2022-01-05 09:19:26.959root 11241100x80000000000000006859864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01529afc8f9794792022-01-05 09:19:26.960root 11241100x80000000000000006859865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5570f258361396262022-01-05 09:19:26.960root 11241100x80000000000000006859866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4899973db3cfc6302022-01-05 09:19:26.960root 11241100x80000000000000006859867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a641051b8669ccfe2022-01-05 09:19:26.960root 11241100x80000000000000006859868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0172a6551405b22022-01-05 09:19:26.960root 11241100x80000000000000006859869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0263e96ee5d46c2022-01-05 09:19:26.960root 11241100x80000000000000006859870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467134fa36ddad5a2022-01-05 09:19:26.960root 11241100x80000000000000006859871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c268c0710e1390052022-01-05 09:19:26.960root 11241100x80000000000000006859872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099bbb3dedae68632022-01-05 09:19:26.960root 11241100x80000000000000006859873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fab480d2c0436512022-01-05 09:19:26.961root 11241100x80000000000000006859874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc5a6810788071e2022-01-05 09:19:26.961root 11241100x80000000000000006859875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5d0a93076736d72022-01-05 09:19:26.961root 11241100x80000000000000006859876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d51f381d54027b2022-01-05 09:19:27.459root 11241100x80000000000000006859877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497bf0373acc01852022-01-05 09:19:27.459root 11241100x80000000000000006859878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088b46d9a298cdf22022-01-05 09:19:27.460root 11241100x80000000000000006859879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eee84a0c957eb432022-01-05 09:19:27.460root 11241100x80000000000000006859880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da976c645754a4bf2022-01-05 09:19:27.460root 11241100x80000000000000006859881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7fe79c4c4f7cce2022-01-05 09:19:27.460root 11241100x80000000000000006859882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acf3cba4be6d5c52022-01-05 09:19:27.460root 11241100x80000000000000006859883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8204a72bd852bc2022-01-05 09:19:27.460root 11241100x80000000000000006859884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0499a5a0230d97752022-01-05 09:19:27.460root 11241100x80000000000000006859885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63c8d72913049712022-01-05 09:19:27.461root 11241100x80000000000000006859886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4812876c3faf352022-01-05 09:19:27.461root 11241100x80000000000000006859887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9bee9ac717b0b72022-01-05 09:19:27.461root 11241100x80000000000000006859888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7bf0e519e716bc2022-01-05 09:19:27.461root 11241100x80000000000000006859889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d173cd2195c8e5842022-01-05 09:19:27.461root 11241100x80000000000000006859890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0769d81bfdba19ec2022-01-05 09:19:27.959root 11241100x80000000000000006859891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18479d68c8e19de92022-01-05 09:19:27.960root 11241100x80000000000000006859892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb7ce2470eebd362022-01-05 09:19:27.960root 11241100x80000000000000006859893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03008f4dfe1d90cd2022-01-05 09:19:27.960root 11241100x80000000000000006859894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584c2f636abe83e42022-01-05 09:19:27.960root 11241100x80000000000000006859895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2682c7eb024c5cbf2022-01-05 09:19:27.960root 11241100x80000000000000006859896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401053a14695ef7d2022-01-05 09:19:27.960root 11241100x80000000000000006859897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1f162140ab50022022-01-05 09:19:27.960root 11241100x80000000000000006859898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3198b4ad566f759b2022-01-05 09:19:27.960root 11241100x80000000000000006859899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336af6192b8a1de32022-01-05 09:19:27.960root 11241100x80000000000000006859900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e408c40e3edec9242022-01-05 09:19:27.961root 11241100x80000000000000006859901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819073a4e617b9e02022-01-05 09:19:27.961root 11241100x80000000000000006859902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d37bc3a250b05902022-01-05 09:19:27.961root 11241100x80000000000000006859903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b56fcc1d60dbd972022-01-05 09:19:27.961root 11241100x80000000000000006859904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485e4bc1552586492022-01-05 09:19:28.459root 11241100x80000000000000006859905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44603826fdd647b2022-01-05 09:19:28.459root 11241100x80000000000000006859906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8591dd9effd9a1752022-01-05 09:19:28.460root 11241100x80000000000000006859907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d853874c6024815f2022-01-05 09:19:28.460root 11241100x80000000000000006859908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414216c6ababab242022-01-05 09:19:28.460root 11241100x80000000000000006859909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cc995f784493d82022-01-05 09:19:28.460root 11241100x80000000000000006859910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa6b97f69dc89ef2022-01-05 09:19:28.460root 11241100x80000000000000006859911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45977e0582312e72022-01-05 09:19:28.460root 11241100x80000000000000006859912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be1b86aade173b72022-01-05 09:19:28.460root 11241100x80000000000000006859913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e13ec7b3847e7ae2022-01-05 09:19:28.460root 11241100x80000000000000006859914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d9757944a01b392022-01-05 09:19:28.460root 11241100x80000000000000006859915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665315d8744d08b32022-01-05 09:19:28.461root 11241100x80000000000000006859916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f26a58dad213052022-01-05 09:19:28.461root 11241100x80000000000000006859917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7533a87552057c2022-01-05 09:19:28.461root 11241100x80000000000000006859918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae2aa6d8ba3473b2022-01-05 09:19:28.959root 11241100x80000000000000006859919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f003af6f69651462022-01-05 09:19:28.960root 11241100x80000000000000006859920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca28420922acae6e2022-01-05 09:19:28.960root 11241100x80000000000000006859921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2288611bc8faa72022-01-05 09:19:28.960root 11241100x80000000000000006859922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cf515bbc9c7a322022-01-05 09:19:28.960root 11241100x80000000000000006859923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8c38c9e44ee4ee2022-01-05 09:19:28.960root 11241100x80000000000000006859924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34332660be15be1b2022-01-05 09:19:28.960root 11241100x80000000000000006859925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b3de72db7314c52022-01-05 09:19:28.960root 11241100x80000000000000006859926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb89d892295dcc92022-01-05 09:19:28.960root 11241100x80000000000000006859927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd063a8e037df49e2022-01-05 09:19:28.961root 11241100x80000000000000006859928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e56bd3432ce94d92022-01-05 09:19:28.961root 11241100x80000000000000006859929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c2134206dd25392022-01-05 09:19:28.961root 11241100x80000000000000006859930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f7a549ccf4e5232022-01-05 09:19:28.961root 11241100x80000000000000006859931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55f241dee33002a2022-01-05 09:19:28.961root 354300x80000000000000006859932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.072{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40674-false10.0.1.12-8000- 11241100x80000000000000006859933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.402{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 09:19:29.402root 11241100x80000000000000006859934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28077180f71a71cb2022-01-05 09:19:29.403root 11241100x80000000000000006859935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209024663d5cae1c2022-01-05 09:19:29.403root 11241100x80000000000000006859936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a68ff82872c0532022-01-05 09:19:29.403root 11241100x80000000000000006859937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3826e16a95ca19e32022-01-05 09:19:29.404root 11241100x80000000000000006859938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a4fbabd1b2283b2022-01-05 09:19:29.404root 11241100x80000000000000006859939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee70fc34cb2b445e2022-01-05 09:19:29.404root 11241100x80000000000000006859940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6035d5c5b02cdca42022-01-05 09:19:29.404root 11241100x80000000000000006859941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e81a432562df9382022-01-05 09:19:29.404root 11241100x80000000000000006859942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71ac111095db8ba2022-01-05 09:19:29.404root 11241100x80000000000000006859943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44a28416f1d49de2022-01-05 09:19:29.404root 11241100x80000000000000006859944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b98e38efd418e5a2022-01-05 09:19:29.404root 11241100x80000000000000006859945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154c906a2a1c695d2022-01-05 09:19:29.404root 11241100x80000000000000006859946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a64a384b657af92022-01-05 09:19:29.404root 11241100x80000000000000006859947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f6e1c3208fccd72022-01-05 09:19:29.404root 11241100x80000000000000006859948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5a27dff4e6cc662022-01-05 09:19:29.404root 11241100x80000000000000006859949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56671921897cefce2022-01-05 09:19:29.404root 11241100x80000000000000006859950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5dc998e37de42192022-01-05 09:19:29.710root 11241100x80000000000000006859951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8882ab602e051f2022-01-05 09:19:29.710root 11241100x80000000000000006859952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878e80f6dbfbc6162022-01-05 09:19:29.710root 11241100x80000000000000006859953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75752e1d085810f72022-01-05 09:19:29.710root 11241100x80000000000000006859954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c59c6171ce8eff82022-01-05 09:19:29.710root 11241100x80000000000000006859955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64367f5d3be24b472022-01-05 09:19:29.710root 11241100x80000000000000006859956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4be86940226739b2022-01-05 09:19:29.710root 11241100x80000000000000006859957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932f81edea20b1f82022-01-05 09:19:29.710root 11241100x80000000000000006859958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a175381251565cb02022-01-05 09:19:29.710root 11241100x80000000000000006859959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f329190e81bd37d2022-01-05 09:19:29.710root 11241100x80000000000000006859960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16af3e2aade800e2022-01-05 09:19:29.710root 11241100x80000000000000006859961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f273b429e39e39ce2022-01-05 09:19:29.710root 11241100x80000000000000006859962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcf4562d55d2e512022-01-05 09:19:29.710root 11241100x80000000000000006859963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fc6f9a82ce7fce2022-01-05 09:19:29.711root 11241100x80000000000000006859964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7337ab16be05955a2022-01-05 09:19:29.711root 11241100x80000000000000006859965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96c6b1610a3b6012022-01-05 09:19:29.711root 11241100x80000000000000006859966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3560226e4d108d852022-01-05 09:19:30.210root 11241100x80000000000000006859967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac13edc8b2482a7b2022-01-05 09:19:30.210root 11241100x80000000000000006859968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40336d74606651ac2022-01-05 09:19:30.210root 11241100x80000000000000006859969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48255279676ecccd2022-01-05 09:19:30.210root 11241100x80000000000000006859970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6264edbdfbcb90c32022-01-05 09:19:30.210root 11241100x80000000000000006859971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182d31b41ffba6b72022-01-05 09:19:30.211root 11241100x80000000000000006859972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff38f6819af3f162022-01-05 09:19:30.211root 11241100x80000000000000006859973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abed009ed23e1f402022-01-05 09:19:30.211root 11241100x80000000000000006859974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94a7dc8847c92522022-01-05 09:19:30.211root 11241100x80000000000000006859975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0113b584212e5252022-01-05 09:19:30.211root 11241100x80000000000000006859976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2310f568824b172022-01-05 09:19:30.211root 11241100x80000000000000006859977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4718b1554faa392022-01-05 09:19:30.211root 11241100x80000000000000006859978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a84cce7263e101a2022-01-05 09:19:30.211root 11241100x80000000000000006859979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46c24dfbe6da5e12022-01-05 09:19:30.211root 11241100x80000000000000006859980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8240845b7384d642022-01-05 09:19:30.211root 11241100x80000000000000006859981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cccf0a9972fe0152022-01-05 09:19:30.211root 11241100x80000000000000006859982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf89c93e11596af02022-01-05 09:19:30.709root 11241100x80000000000000006859983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f9db3756468d8b2022-01-05 09:19:30.710root 11241100x80000000000000006859984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3893fb91ffcdf7772022-01-05 09:19:30.710root 11241100x80000000000000006859985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4d795aec9afe382022-01-05 09:19:30.710root 11241100x80000000000000006859986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5dbf9143987d4f2022-01-05 09:19:30.710root 11241100x80000000000000006859987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea079cbfa35b2f42022-01-05 09:19:30.710root 11241100x80000000000000006859988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d09abe24479a5d2022-01-05 09:19:30.710root 11241100x80000000000000006859989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6856dc0dd16193a92022-01-05 09:19:30.710root 11241100x80000000000000006859990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473875be78d303c72022-01-05 09:19:30.710root 11241100x80000000000000006859991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3db321e007b35632022-01-05 09:19:30.710root 11241100x80000000000000006859992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05866fcf471995822022-01-05 09:19:30.710root 11241100x80000000000000006859993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53a23e71bae8d7d2022-01-05 09:19:30.710root 11241100x80000000000000006859994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d764048a610cad302022-01-05 09:19:30.710root 11241100x80000000000000006859995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b257ec4951cb19052022-01-05 09:19:30.711root 11241100x80000000000000006859996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad6223c8a7a81282022-01-05 09:19:30.711root 11241100x80000000000000006859997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b070ec1d52d3dc2022-01-05 09:19:30.711root 11241100x80000000000000006859998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d730073ee073212022-01-05 09:19:31.209root 11241100x80000000000000006859999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd0bca52e0874e22022-01-05 09:19:31.210root 11241100x80000000000000006860000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee512b11097565472022-01-05 09:19:31.210root 11241100x80000000000000006860001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868193759da1bdda2022-01-05 09:19:31.210root 11241100x80000000000000006860002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3d65410808e5ad2022-01-05 09:19:31.210root 11241100x80000000000000006860003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d894c503bedfe22022-01-05 09:19:31.210root 11241100x80000000000000006860004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832f7242ee8c79112022-01-05 09:19:31.210root 11241100x80000000000000006860005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf78815ebf9499d52022-01-05 09:19:31.210root 11241100x80000000000000006860006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c70bed96cb402d82022-01-05 09:19:31.210root 11241100x80000000000000006860007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d3bbcc1a2d9b702022-01-05 09:19:31.210root 11241100x80000000000000006860008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5789222f5603eb1f2022-01-05 09:19:31.210root 11241100x80000000000000006860009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22476129f3372acc2022-01-05 09:19:31.210root 11241100x80000000000000006860010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c36ed77adb32c02022-01-05 09:19:31.210root 11241100x80000000000000006860011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa37491a4ad68662022-01-05 09:19:31.211root 11241100x80000000000000006860012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a4062511f27ffa2022-01-05 09:19:31.211root 11241100x80000000000000006860013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e87a595424fb132022-01-05 09:19:31.211root 11241100x80000000000000006860014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c56c456d3b9e462022-01-05 09:19:31.709root 11241100x80000000000000006860015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d7630fb5c023352022-01-05 09:19:31.710root 11241100x80000000000000006860016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4345fa1694f123e02022-01-05 09:19:31.710root 11241100x80000000000000006860017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9527e8b50514052022-01-05 09:19:31.710root 11241100x80000000000000006860018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108698aa3235f5052022-01-05 09:19:31.710root 11241100x80000000000000006860019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7905d9d882ad8f2022-01-05 09:19:31.710root 11241100x80000000000000006860020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8223434d2c81751f2022-01-05 09:19:31.710root 11241100x80000000000000006860021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e4a545c94875ad2022-01-05 09:19:31.710root 11241100x80000000000000006860022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a1f7777cb7a1e22022-01-05 09:19:31.710root 11241100x80000000000000006860023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a93df441a73b8582022-01-05 09:19:31.710root 11241100x80000000000000006860024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c08ab568b02e60f2022-01-05 09:19:31.710root 11241100x80000000000000006860025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490966fbcaa1ec762022-01-05 09:19:31.711root 11241100x80000000000000006860026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55141b25b5b6904b2022-01-05 09:19:31.711root 11241100x80000000000000006860027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2098ec9f9686b902022-01-05 09:19:31.711root 11241100x80000000000000006860028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad90e964a0265032022-01-05 09:19:31.711root 11241100x80000000000000006860029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929e4b0f1f2041a32022-01-05 09:19:31.711root 11241100x80000000000000006860030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e56fd90a5bcabe72022-01-05 09:19:32.210root 11241100x80000000000000006860031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430361596565024c2022-01-05 09:19:32.210root 11241100x80000000000000006860032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1d48a4da9b7a5c2022-01-05 09:19:32.210root 11241100x80000000000000006860033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dd9308776671332022-01-05 09:19:32.210root 11241100x80000000000000006860034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d967db0a18835f3b2022-01-05 09:19:32.210root 11241100x80000000000000006860035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88524fb3372543c12022-01-05 09:19:32.210root 11241100x80000000000000006860036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdb7611e68a63df2022-01-05 09:19:32.210root 11241100x80000000000000006860037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0c04ec1f9e8cbf2022-01-05 09:19:32.210root 11241100x80000000000000006860038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ca4120fd4796792022-01-05 09:19:32.210root 11241100x80000000000000006860039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e004e9583b02be2022-01-05 09:19:32.210root 11241100x80000000000000006860040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45278a5e08c23252022-01-05 09:19:32.210root 11241100x80000000000000006860041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fe461272a112d62022-01-05 09:19:32.211root 11241100x80000000000000006860042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6410d4c3033908f12022-01-05 09:19:32.211root 11241100x80000000000000006860043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0669e0f12a98bc12022-01-05 09:19:32.211root 11241100x80000000000000006860044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae18f9ef560291502022-01-05 09:19:32.211root 11241100x80000000000000006860045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f1dac11a371cd02022-01-05 09:19:32.211root 23542300x80000000000000006860046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.404{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006860047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33839bb1f2808b5b2022-01-05 09:19:32.709root 11241100x80000000000000006860048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82551b66ad3f7332022-01-05 09:19:32.709root 11241100x80000000000000006860049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5faef61f4c3879d32022-01-05 09:19:32.710root 11241100x80000000000000006860050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffda76148a55e8842022-01-05 09:19:32.710root 11241100x80000000000000006860051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e472a99ad8b373d42022-01-05 09:19:32.710root 11241100x80000000000000006860052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452675d9d4540d5d2022-01-05 09:19:32.710root 11241100x80000000000000006860053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632235a6814691a72022-01-05 09:19:32.710root 11241100x80000000000000006860054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeeb5740f3d3705f2022-01-05 09:19:32.710root 11241100x80000000000000006860055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d06be02c6d42562022-01-05 09:19:32.710root 11241100x80000000000000006860056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bc1f2c0ca09a722022-01-05 09:19:32.711root 11241100x80000000000000006860057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64b5ab5cece59fe2022-01-05 09:19:32.711root 11241100x80000000000000006860058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c84edca51b3f4f2022-01-05 09:19:32.711root 11241100x80000000000000006860059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715568bd5d7efee92022-01-05 09:19:32.711root 11241100x80000000000000006860060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d770c2ec2f461d2022-01-05 09:19:32.711root 11241100x80000000000000006860061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2259d2051ee886e62022-01-05 09:19:32.711root 11241100x80000000000000006860062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2235a0ea4155d2162022-01-05 09:19:32.711root 11241100x80000000000000006860063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7424997179c3f782022-01-05 09:19:32.712root 11241100x80000000000000006860064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f3d3a76811f4f52022-01-05 09:19:33.210root 11241100x80000000000000006860065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc307c4ab90f86f2022-01-05 09:19:33.210root 11241100x80000000000000006860066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe32f320cc0d7752022-01-05 09:19:33.210root 11241100x80000000000000006860067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6b329b96517cab2022-01-05 09:19:33.210root 11241100x80000000000000006860068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71852ddab2268732022-01-05 09:19:33.210root 11241100x80000000000000006860069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bac497f819abb82022-01-05 09:19:33.210root 11241100x80000000000000006860070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b28cdf76e94b1ad2022-01-05 09:19:33.210root 11241100x80000000000000006860071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7a69076df0195a2022-01-05 09:19:33.210root 11241100x80000000000000006860072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f82aa8322d672c2022-01-05 09:19:33.210root 11241100x80000000000000006860073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabd43f123ba56682022-01-05 09:19:33.210root 11241100x80000000000000006860074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d60283062a3da322022-01-05 09:19:33.210root 11241100x80000000000000006860075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c132a6f0166bc20e2022-01-05 09:19:33.210root 11241100x80000000000000006860076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45816ec3e84f0142022-01-05 09:19:33.211root 11241100x80000000000000006860077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41aa3be3280751122022-01-05 09:19:33.211root 11241100x80000000000000006860078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c64d018e861f2532022-01-05 09:19:33.211root 11241100x80000000000000006860079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86856ac03137a16d2022-01-05 09:19:33.211root 11241100x80000000000000006860080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46657cf60d83b28d2022-01-05 09:19:33.211root 354300x80000000000000006860081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.434{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-41156-false10.0.1.12-8089- 11241100x80000000000000006860082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a6f6036fdf9c292022-01-05 09:19:33.709root 11241100x80000000000000006860083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035d9e1ca1a9e7af2022-01-05 09:19:33.709root 11241100x80000000000000006860084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92a3f9f7345d0872022-01-05 09:19:33.709root 11241100x80000000000000006860085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4140da902f4926c2022-01-05 09:19:33.710root 11241100x80000000000000006860086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8ddbcc792bf62b2022-01-05 09:19:33.710root 11241100x80000000000000006860087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca61f647975e4f1d2022-01-05 09:19:33.710root 11241100x80000000000000006860088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f2f0748df2ee492022-01-05 09:19:33.710root 11241100x80000000000000006860089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd9ce22e2b3ea5b2022-01-05 09:19:33.710root 11241100x80000000000000006860090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98098e3dad571da2022-01-05 09:19:33.711root 11241100x80000000000000006860091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f327f9506f85e12a2022-01-05 09:19:33.711root 11241100x80000000000000006860092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a622099ba353402022-01-05 09:19:33.711root 11241100x80000000000000006860093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1624ee52ad750b32022-01-05 09:19:33.711root 11241100x80000000000000006860094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a9a26c9aabc7552022-01-05 09:19:33.711root 11241100x80000000000000006860095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b701ecee83a0f42022-01-05 09:19:33.711root 11241100x80000000000000006860096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af08bd563a6e44e42022-01-05 09:19:33.711root 11241100x80000000000000006860097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881349dc656b78b92022-01-05 09:19:33.711root 11241100x80000000000000006860098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac11a8f6439efdf22022-01-05 09:19:33.711root 11241100x80000000000000006860099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f033f43e18514a22022-01-05 09:19:33.712root 11241100x80000000000000006860100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e9c615b58a10922022-01-05 09:19:33.712root 11241100x80000000000000006860101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f81c21079ac19d2022-01-05 09:19:33.712root 11241100x80000000000000006860102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a527f43c44344caf2022-01-05 09:19:33.712root 11241100x80000000000000006860103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6512e4e3710dfbb2022-01-05 09:19:33.712root 11241100x80000000000000006860104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bfb1a1392701892022-01-05 09:19:34.209root 11241100x80000000000000006860105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37aced3608014822022-01-05 09:19:34.209root 11241100x80000000000000006860106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95a1591dd05dd342022-01-05 09:19:34.210root 11241100x80000000000000006860107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2867ccec24797092022-01-05 09:19:34.210root 11241100x80000000000000006860108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d44da6b95c2a5892022-01-05 09:19:34.210root 11241100x80000000000000006860109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca89d6b2d77c30672022-01-05 09:19:34.210root 11241100x80000000000000006860110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ded1b0c200a5a2d2022-01-05 09:19:34.210root 11241100x80000000000000006860111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501d50847b0a8e442022-01-05 09:19:34.210root 11241100x80000000000000006860112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c07203f31381f82022-01-05 09:19:34.210root 11241100x80000000000000006860113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c35b2ff26f86472022-01-05 09:19:34.210root 11241100x80000000000000006860114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736f2ec393773cba2022-01-05 09:19:34.211root 11241100x80000000000000006860115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f764c2be22300042022-01-05 09:19:34.211root 11241100x80000000000000006860116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b4667cb5827b832022-01-05 09:19:34.211root 11241100x80000000000000006860117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591912cbd0b464332022-01-05 09:19:34.211root 11241100x80000000000000006860118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af31408353015c6d2022-01-05 09:19:34.211root 11241100x80000000000000006860119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee4507dac0535d12022-01-05 09:19:34.211root 11241100x80000000000000006860120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35e4f0ae6ddd0042022-01-05 09:19:34.211root 11241100x80000000000000006860121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a94740624f312d2022-01-05 09:19:34.211root 11241100x80000000000000006860122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4171481a76738e2022-01-05 09:19:34.710root 11241100x80000000000000006860123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6cf76af779a4672022-01-05 09:19:34.710root 11241100x80000000000000006860124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02efbd4beb46134e2022-01-05 09:19:34.710root 11241100x80000000000000006860125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd44f08bfffde0682022-01-05 09:19:34.710root 11241100x80000000000000006860126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa689abf3bb938a62022-01-05 09:19:34.710root 11241100x80000000000000006860127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4923eb8550aae7e92022-01-05 09:19:34.710root 11241100x80000000000000006860128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7fd56cd1a12d542022-01-05 09:19:34.710root 11241100x80000000000000006860129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3516fd322fb84b0c2022-01-05 09:19:34.710root 11241100x80000000000000006860130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc7fa67256edd8b2022-01-05 09:19:34.710root 11241100x80000000000000006860131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d34b97517a60542022-01-05 09:19:34.710root 11241100x80000000000000006860132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a22bbc4df1c6df2022-01-05 09:19:34.710root 11241100x80000000000000006860133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d48d0238396c382022-01-05 09:19:34.710root 11241100x80000000000000006860134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ce1a28b75aab9f2022-01-05 09:19:34.711root 11241100x80000000000000006860135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01815d9ffefe4fee2022-01-05 09:19:34.711root 11241100x80000000000000006860136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aebd40661f5ff3d2022-01-05 09:19:34.711root 11241100x80000000000000006860137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0243039ba19bf1762022-01-05 09:19:34.711root 11241100x80000000000000006860138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e660ead9a468982022-01-05 09:19:34.711root 11241100x80000000000000006860139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b47f5073c7d7be2022-01-05 09:19:34.711root 354300x80000000000000006860140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.032{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40678-false10.0.1.12-8000- 11241100x80000000000000006860141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce2f9476a06a81b2022-01-05 09:19:35.034root 11241100x80000000000000006860142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab48533825f4865c2022-01-05 09:19:35.034root 11241100x80000000000000006860143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a2cf53249ed2eb2022-01-05 09:19:35.034root 11241100x80000000000000006860144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c06c8e9b2f943102022-01-05 09:19:35.034root 11241100x80000000000000006860145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a3f75d3740af802022-01-05 09:19:35.034root 11241100x80000000000000006860146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1896d1400b854e872022-01-05 09:19:35.034root 11241100x80000000000000006860147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f189af92c3b0ddd52022-01-05 09:19:35.034root 11241100x80000000000000006860148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a66f53098f8ace2022-01-05 09:19:35.034root 11241100x80000000000000006860149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e80c81cbb95e8b2022-01-05 09:19:35.034root 11241100x80000000000000006860150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205637dc335372c72022-01-05 09:19:35.034root 11241100x80000000000000006860151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f4a73a5c9f60172022-01-05 09:19:35.035root 11241100x80000000000000006860152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790f9d172cbacebd2022-01-05 09:19:35.035root 11241100x80000000000000006860153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd107048a82a4afe2022-01-05 09:19:35.035root 11241100x80000000000000006860154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f060ce11642adeb32022-01-05 09:19:35.035root 11241100x80000000000000006860155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b683dead878d049c2022-01-05 09:19:35.035root 11241100x80000000000000006860156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9aa70095d69ae82022-01-05 09:19:35.035root 11241100x80000000000000006860157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd32d03e4499d402022-01-05 09:19:35.035root 11241100x80000000000000006860158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6abc0ce21f5f8d52022-01-05 09:19:35.035root 11241100x80000000000000006860159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d86cbe3785924d62022-01-05 09:19:35.035root 11241100x80000000000000006860160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff2765856c668302022-01-05 09:19:35.459root 11241100x80000000000000006860161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2802b841c908a82022-01-05 09:19:35.459root 11241100x80000000000000006860162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26baea64ef8cb062022-01-05 09:19:35.459root 11241100x80000000000000006860163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482610974ae7a7cf2022-01-05 09:19:35.459root 11241100x80000000000000006860164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3519af93e2e4bfb22022-01-05 09:19:35.459root 11241100x80000000000000006860165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4a46fa29e98acc2022-01-05 09:19:35.460root 11241100x80000000000000006860166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fe4236f511056f2022-01-05 09:19:35.460root 11241100x80000000000000006860167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b9a55741b76f5b2022-01-05 09:19:35.460root 11241100x80000000000000006860168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746ce3aff2331df12022-01-05 09:19:35.460root 11241100x80000000000000006860169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c36a08388c0b822022-01-05 09:19:35.460root 11241100x80000000000000006860170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417e9595e549f7902022-01-05 09:19:35.460root 11241100x80000000000000006860171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c5b439aee1dc152022-01-05 09:19:35.460root 11241100x80000000000000006860172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b78fd1490330292022-01-05 09:19:35.460root 11241100x80000000000000006860173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ae730a8abfe8472022-01-05 09:19:35.460root 11241100x80000000000000006860174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621ecd6504bb24532022-01-05 09:19:35.460root 11241100x80000000000000006860175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5fac4534c37e112022-01-05 09:19:35.460root 11241100x80000000000000006860176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d76d1ef381fb4f2022-01-05 09:19:35.460root 11241100x80000000000000006860177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e586431d316065d22022-01-05 09:19:35.461root 11241100x80000000000000006860178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd6dcf7523294392022-01-05 09:19:35.461root 11241100x80000000000000006860179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fa868ad3d1d5a92022-01-05 09:19:35.461root 11241100x80000000000000006860180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0b08ec27020f5f2022-01-05 09:19:35.461root 11241100x80000000000000006860181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e1c5b224e6ec022022-01-05 09:19:35.461root 11241100x80000000000000006860182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c398d46c889584332022-01-05 09:19:35.959root 11241100x80000000000000006860183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b16b0ad4d2393f2022-01-05 09:19:35.960root 11241100x80000000000000006860184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6edd5c99fb76bd2022-01-05 09:19:35.960root 11241100x80000000000000006860185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4322c560ffcb53802022-01-05 09:19:35.960root 11241100x80000000000000006860186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c652c74d7ff42dc42022-01-05 09:19:35.960root 11241100x80000000000000006860187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a17f896e20167f2022-01-05 09:19:35.960root 11241100x80000000000000006860188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22c6ac057cda6792022-01-05 09:19:35.960root 11241100x80000000000000006860189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b5df14bb767e552022-01-05 09:19:35.960root 11241100x80000000000000006860190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc99882b67e8984e2022-01-05 09:19:35.960root 11241100x80000000000000006860191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca047b7239297c4c2022-01-05 09:19:35.960root 11241100x80000000000000006860192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d858755aeb35c22022-01-05 09:19:35.960root 11241100x80000000000000006860193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6683f31afcfe996e2022-01-05 09:19:35.960root 11241100x80000000000000006860194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ef43c9811667062022-01-05 09:19:35.960root 11241100x80000000000000006860195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065d41a7a9617e4c2022-01-05 09:19:35.960root 11241100x80000000000000006860196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c01c9a163b570152022-01-05 09:19:35.961root 11241100x80000000000000006860197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e60a125a2e71b9a2022-01-05 09:19:35.961root 11241100x80000000000000006860198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200be951c69c0c452022-01-05 09:19:35.961root 11241100x80000000000000006860199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7682fbe972d97c7d2022-01-05 09:19:35.961root 11241100x80000000000000006860200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2092c70548befcd72022-01-05 09:19:35.961root 154100x80000000000000006860201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.263{ec2e79f3-62a8-61d5-e0d0-f47525560000}22920/usr/bin/groups-----groups/home/ubuntu/doasubuntu{ec2e79f3-5fe4-61d5-e803-000000000000}100058no level-{ec2e79f3-5fe4-61d5-08b4-fae256550000}17361/bin/bash-bashubuntu 11241100x80000000000000006860202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.264{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53180ec8559c9a72022-01-05 09:19:36.264root 11241100x80000000000000006860203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.264{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6085d4e13e472b522022-01-05 09:19:36.264root 11241100x80000000000000006860204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.264{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f85c0c324404a892022-01-05 09:19:36.264root 11241100x80000000000000006860205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.264{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4af789cae6458a32022-01-05 09:19:36.264root 11241100x80000000000000006860206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.265{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25a27882e8cd3b82022-01-05 09:19:36.265root 11241100x80000000000000006860207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.265{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5284adb87a35ae4f2022-01-05 09:19:36.265root 11241100x80000000000000006860208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.265{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713fc55547bdad752022-01-05 09:19:36.265root 534500x80000000000000006860209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.265{ec2e79f3-62a8-61d5-e0d0-f47525560000}22920/usr/bin/groupsubuntu 11241100x80000000000000006860210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47b7d9161ae28eb2022-01-05 09:19:36.266root 11241100x80000000000000006860211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60181d15d94b3a22022-01-05 09:19:36.266root 11241100x80000000000000006860212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee3919d293e98502022-01-05 09:19:36.266root 11241100x80000000000000006860213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12855457848221a32022-01-05 09:19:36.266root 11241100x80000000000000006860214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c086dccb3dfe7c12022-01-05 09:19:36.266root 11241100x80000000000000006860215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352079b062ccc9be2022-01-05 09:19:36.266root 11241100x80000000000000006860216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51cfcd60c8b0ab002022-01-05 09:19:36.266root 11241100x80000000000000006860217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430b7a85233279f72022-01-05 09:19:36.266root 11241100x80000000000000006860218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda617d059df9dc62022-01-05 09:19:36.266root 11241100x80000000000000006860219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5048c144ae087cdb2022-01-05 09:19:36.266root 11241100x80000000000000006860220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf4bdc2fc184e552022-01-05 09:19:36.266root 11241100x80000000000000006860221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b188acc78a75832022-01-05 09:19:36.266root 11241100x80000000000000006860222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9b875aa6f37fa72022-01-05 09:19:36.266root 11241100x80000000000000006860223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.267{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b235731ddfef332022-01-05 09:19:36.267root 11241100x80000000000000006860224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.267{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af0f3d75ffadd242022-01-05 09:19:36.267root 11241100x80000000000000006860225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.267{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7333874bc737453e2022-01-05 09:19:36.267root 11241100x80000000000000006860226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.268{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb46b0308e4dcf352022-01-05 09:19:36.268root 11241100x80000000000000006860227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.268{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86e8b063a6f14032022-01-05 09:19:36.268root 11241100x80000000000000006860228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b42af90a2a5c732022-01-05 09:19:36.709root 11241100x80000000000000006860229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04820579fd10c182022-01-05 09:19:36.709root 11241100x80000000000000006860230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f3d9a20b15cf1b2022-01-05 09:19:36.710root 11241100x80000000000000006860231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1c194bef4205402022-01-05 09:19:36.710root 11241100x80000000000000006860232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4284d9ec3bd2144a2022-01-05 09:19:36.710root 11241100x80000000000000006860233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabf1338f992f07c2022-01-05 09:19:36.710root 11241100x80000000000000006860234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01db32ff2c4af3362022-01-05 09:19:36.711root 11241100x80000000000000006860235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaeb2c0a65647352022-01-05 09:19:36.711root 11241100x80000000000000006860236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e915ed4c282e4ba2022-01-05 09:19:36.711root 11241100x80000000000000006860237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7776f07fc954e7182022-01-05 09:19:36.711root 11241100x80000000000000006860238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b72b5db383cd01a2022-01-05 09:19:36.711root 11241100x80000000000000006860239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39dc44622e560bf2022-01-05 09:19:36.712root 11241100x80000000000000006860240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92877b6925be2d82022-01-05 09:19:36.712root 11241100x80000000000000006860241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8e2622e9e24c542022-01-05 09:19:36.712root 11241100x80000000000000006860242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754eec64b3bb36912022-01-05 09:19:36.712root 11241100x80000000000000006860243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c808428e12a9e6f82022-01-05 09:19:36.712root 11241100x80000000000000006860244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1b3170f547761d2022-01-05 09:19:36.712root 11241100x80000000000000006860245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51fab7087ac712b2022-01-05 09:19:36.712root 11241100x80000000000000006860246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e723c2a20ff05b72022-01-05 09:19:36.712root 11241100x80000000000000006860247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e044ebc0beddd7872022-01-05 09:19:36.712root 11241100x80000000000000006860248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db15f48ab9d263fb2022-01-05 09:19:36.712root 11241100x80000000000000006860249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ba94f934cfbf172022-01-05 09:19:36.712root 11241100x80000000000000006860250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a41d7fc598af642022-01-05 09:19:36.713root 11241100x80000000000000006860251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7eac584aa31cf62022-01-05 09:19:37.209root 11241100x80000000000000006860252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c2415435c2e64f2022-01-05 09:19:37.210root 11241100x80000000000000006860253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688c25d305462ca82022-01-05 09:19:37.210root 11241100x80000000000000006860254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0c8616194343742022-01-05 09:19:37.210root 11241100x80000000000000006860255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e262748b942f25b32022-01-05 09:19:37.210root 11241100x80000000000000006860256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e640f82cb057d97e2022-01-05 09:19:37.210root 11241100x80000000000000006860257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd407fe0f152ffff2022-01-05 09:19:37.210root 11241100x80000000000000006860258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035f8f828cf25fc12022-01-05 09:19:37.210root 11241100x80000000000000006860259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45986b3475da13d32022-01-05 09:19:37.210root 11241100x80000000000000006860260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7037228029e6672a2022-01-05 09:19:37.210root 11241100x80000000000000006860261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246cf8e4593cd6ee2022-01-05 09:19:37.210root 11241100x80000000000000006860262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfb10c81915223c2022-01-05 09:19:37.210root 11241100x80000000000000006860263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b03164332f8dfdb2022-01-05 09:19:37.211root 11241100x80000000000000006860264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671462d470d5895a2022-01-05 09:19:37.211root 11241100x80000000000000006860265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10fb881965b28502022-01-05 09:19:37.211root 11241100x80000000000000006860266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945fc753d08470802022-01-05 09:19:37.211root 11241100x80000000000000006860267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa9c1401ef854fb2022-01-05 09:19:37.211root 11241100x80000000000000006860268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019b986cc17e273c2022-01-05 09:19:37.211root 11241100x80000000000000006860269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693ecbf1670dfcb22022-01-05 09:19:37.211root 11241100x80000000000000006860270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b707bac9100cb25f2022-01-05 09:19:37.211root 11241100x80000000000000006860271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc80716436de2932022-01-05 09:19:37.211root 11241100x80000000000000006860272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7d61104151b0d72022-01-05 09:19:37.710root 11241100x80000000000000006860273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e033706faaf594c52022-01-05 09:19:37.710root 11241100x80000000000000006860274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6439f8bcca16692022-01-05 09:19:37.710root 11241100x80000000000000006860275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e1a37c6c40a9da2022-01-05 09:19:37.710root 11241100x80000000000000006860276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db760c69379da49f2022-01-05 09:19:37.710root 11241100x80000000000000006860277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d14b46edaf6f55a2022-01-05 09:19:37.710root 11241100x80000000000000006860278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f77b7986c3cb6b92022-01-05 09:19:37.710root 11241100x80000000000000006860279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f20081e5810a3af2022-01-05 09:19:37.711root 11241100x80000000000000006860280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500b4f7ae191e3092022-01-05 09:19:37.711root 11241100x80000000000000006860281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020975a0283b826b2022-01-05 09:19:37.711root 11241100x80000000000000006860282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c748a67f0190cdf2022-01-05 09:19:37.711root 11241100x80000000000000006860283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ff92677778288b2022-01-05 09:19:37.711root 11241100x80000000000000006860284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9d0e994889be212022-01-05 09:19:37.711root 11241100x80000000000000006860285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef09d34efe0467b92022-01-05 09:19:37.711root 11241100x80000000000000006860286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0135405618240fbc2022-01-05 09:19:37.711root 11241100x80000000000000006860287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc343760c261d5522022-01-05 09:19:37.711root 11241100x80000000000000006860288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8faca215b490bdfe2022-01-05 09:19:37.711root 11241100x80000000000000006860289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66363a4f2f72b8a2022-01-05 09:19:37.711root 11241100x80000000000000006860290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663220c9244989ed2022-01-05 09:19:37.711root 11241100x80000000000000006860291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b821a7caac522c5e2022-01-05 09:19:37.711root 11241100x80000000000000006860292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2470fc24d332c4312022-01-05 09:19:37.711root 11241100x80000000000000006860293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aeac4d45581f6962022-01-05 09:19:38.210root 11241100x80000000000000006860294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84da27d08ab4b4c72022-01-05 09:19:38.210root 11241100x80000000000000006860295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a0e73761f5db482022-01-05 09:19:38.210root 11241100x80000000000000006860296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c762091d12acd62022-01-05 09:19:38.210root 11241100x80000000000000006860297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfadde84633334f22022-01-05 09:19:38.210root 11241100x80000000000000006860298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb505220362c81a62022-01-05 09:19:38.210root 11241100x80000000000000006860299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2dba5c9e4ca1dc2022-01-05 09:19:38.210root 11241100x80000000000000006860300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df2f71b50a48e782022-01-05 09:19:38.210root 11241100x80000000000000006860301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672b299d506ae5fd2022-01-05 09:19:38.210root 11241100x80000000000000006860302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497fd33e87f113e62022-01-05 09:19:38.210root 11241100x80000000000000006860303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59b683aa57905042022-01-05 09:19:38.210root 11241100x80000000000000006860304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21234d1f4d2075492022-01-05 09:19:38.211root 11241100x80000000000000006860305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58049d6be810ce62022-01-05 09:19:38.211root 11241100x80000000000000006860306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddeaa6064a2ac7bf2022-01-05 09:19:38.211root 11241100x80000000000000006860307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087c485f0c34d4212022-01-05 09:19:38.211root 11241100x80000000000000006860308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970986554b1b53f82022-01-05 09:19:38.211root 11241100x80000000000000006860309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e82c83195c72192022-01-05 09:19:38.211root 11241100x80000000000000006860310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef4f4040e0520322022-01-05 09:19:38.211root 11241100x80000000000000006860311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3992668bc8f720ca2022-01-05 09:19:38.211root 11241100x80000000000000006860312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545d042b9ac50ef72022-01-05 09:19:38.211root 11241100x80000000000000006860313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063df399fd6048612022-01-05 09:19:38.211root 11241100x80000000000000006860314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ff39ab7a8ae62b2022-01-05 09:19:38.710root 11241100x80000000000000006860315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cacfcd7dcefddec2022-01-05 09:19:38.710root 11241100x80000000000000006860316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ab31a15e34cf502022-01-05 09:19:38.710root 11241100x80000000000000006860317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610fb5824a2165372022-01-05 09:19:38.710root 11241100x80000000000000006860318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc30c779bc5b6682022-01-05 09:19:38.711root 11241100x80000000000000006860319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d729c8a09936fb12022-01-05 09:19:38.711root 11241100x80000000000000006860320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ca59faa38eee392022-01-05 09:19:38.711root 11241100x80000000000000006860321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1b83bfc657f5a82022-01-05 09:19:38.711root 11241100x80000000000000006860322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a03454dad3296332022-01-05 09:19:38.711root 11241100x80000000000000006860323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4a54bf6e7f6b9a2022-01-05 09:19:38.711root 11241100x80000000000000006860324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36489a88cc9b814f2022-01-05 09:19:38.712root 11241100x80000000000000006860325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844a988b1b1a19ec2022-01-05 09:19:38.712root 11241100x80000000000000006860326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6daa89da5e819c792022-01-05 09:19:38.712root 11241100x80000000000000006860327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13252f9920c064992022-01-05 09:19:38.712root 11241100x80000000000000006860328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a9d25b08fc351b2022-01-05 09:19:38.712root 11241100x80000000000000006860329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fff45e37668ff62022-01-05 09:19:38.713root 11241100x80000000000000006860330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18fd8ce294566f72022-01-05 09:19:38.713root 11241100x80000000000000006860331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff65d712c2764522022-01-05 09:19:38.713root 11241100x80000000000000006860332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81a2177073319d62022-01-05 09:19:38.713root 11241100x80000000000000006860333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b081468c3c50f7aa2022-01-05 09:19:38.714root 11241100x80000000000000006860334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b931ec0efc12e82022-01-05 09:19:38.714root 11241100x80000000000000006860335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df5e59c126ab52c2022-01-05 09:19:39.209root 11241100x80000000000000006860336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959a5c9a4b1e3ab32022-01-05 09:19:39.209root 11241100x80000000000000006860337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed23b19ef1fc4d342022-01-05 09:19:39.209root 11241100x80000000000000006860338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc14308c3720d4e2022-01-05 09:19:39.209root 11241100x80000000000000006860339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e8315ec0576dad2022-01-05 09:19:39.210root 11241100x80000000000000006860340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4be9861e17337642022-01-05 09:19:39.210root 11241100x80000000000000006860341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a760539414bf123b2022-01-05 09:19:39.210root 11241100x80000000000000006860342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4351fccbabf524c32022-01-05 09:19:39.210root 11241100x80000000000000006860343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852dd1900ab010742022-01-05 09:19:39.210root 11241100x80000000000000006860344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5ea0f285695c812022-01-05 09:19:39.211root 11241100x80000000000000006860345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554b9e54cedafed32022-01-05 09:19:39.211root 11241100x80000000000000006860346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4474a5684b98fa392022-01-05 09:19:39.211root 11241100x80000000000000006860347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ef5b9e312b461d2022-01-05 09:19:39.211root 11241100x80000000000000006860348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88433d0be5529fd2022-01-05 09:19:39.211root 11241100x80000000000000006860349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd617aaf995d01052022-01-05 09:19:39.212root 11241100x80000000000000006860350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b0dc727a019f932022-01-05 09:19:39.212root 11241100x80000000000000006860351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2027b710d35af8392022-01-05 09:19:39.212root 11241100x80000000000000006860352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9680772666619e042022-01-05 09:19:39.212root 11241100x80000000000000006860353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c223608811d41c2022-01-05 09:19:39.212root 11241100x80000000000000006860354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92689887f27c30362022-01-05 09:19:39.212root 11241100x80000000000000006860355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b13ae65127de2352022-01-05 09:19:39.212root 11241100x80000000000000006860356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b076922443239cdc2022-01-05 09:19:39.213root 11241100x80000000000000006860357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8292b3246366600f2022-01-05 09:19:39.213root 11241100x80000000000000006860358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba816289231b9b82022-01-05 09:19:39.214root 11241100x80000000000000006860359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c37dc2ae3811bac2022-01-05 09:19:39.709root 11241100x80000000000000006860360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a094fd71c722ae942022-01-05 09:19:39.710root 11241100x80000000000000006860361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d2193218b6c5292022-01-05 09:19:39.710root 11241100x80000000000000006860362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0df3a7bd93564a2022-01-05 09:19:39.710root 11241100x80000000000000006860363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0191f889a3ed8d92022-01-05 09:19:39.710root 11241100x80000000000000006860364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0c9d9f981a47732022-01-05 09:19:39.710root 11241100x80000000000000006860365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1b00ce30bb0a182022-01-05 09:19:39.711root 11241100x80000000000000006860366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d49606408b46d62022-01-05 09:19:39.711root 11241100x80000000000000006860367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee54fbf336f9459a2022-01-05 09:19:39.711root 11241100x80000000000000006860368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12decac1b9291bf02022-01-05 09:19:39.711root 11241100x80000000000000006860369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43bf9c1402555632022-01-05 09:19:39.712root 11241100x80000000000000006860370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d253f3fdb2aa7152022-01-05 09:19:39.712root 11241100x80000000000000006860371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015c7ceb005b4ece2022-01-05 09:19:39.713root 11241100x80000000000000006860372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bf7b71d3d5b98e2022-01-05 09:19:39.713root 11241100x80000000000000006860373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1053f81761e7c0932022-01-05 09:19:39.713root 11241100x80000000000000006860374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0702d3b0df71ece2022-01-05 09:19:39.713root 11241100x80000000000000006860375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50da2d5d957fcc8e2022-01-05 09:19:39.713root 11241100x80000000000000006860376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a70b37bda6b2202022-01-05 09:19:39.714root 11241100x80000000000000006860377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa7e4cf3d8df3f62022-01-05 09:19:39.714root 11241100x80000000000000006860378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f59311dcb88a722022-01-05 09:19:39.714root 11241100x80000000000000006860379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e071d2e21eac8c2022-01-05 09:19:39.714root 354300x80000000000000006860380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.082{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40680-false10.0.1.12-8000- 11241100x80000000000000006860381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.083{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03810ae95a6c5eae2022-01-05 09:19:40.083root 11241100x80000000000000006860382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.083{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0168a85fed82b02022-01-05 09:19:40.083root 11241100x80000000000000006860383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.084{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89987ec745eb58352022-01-05 09:19:40.084root 11241100x80000000000000006860384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.084{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7ec350c255d6a42022-01-05 09:19:40.084root 11241100x80000000000000006860385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.084{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3118646ef891001f2022-01-05 09:19:40.084root 11241100x80000000000000006860386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.084{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ce2c0907d7edab2022-01-05 09:19:40.084root 11241100x80000000000000006860387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.084{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b9446eaec4b0972022-01-05 09:19:40.084root 11241100x80000000000000006860388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.085{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc4daeee369d55f2022-01-05 09:19:40.085root 11241100x80000000000000006860389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.085{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f649a7090b987752022-01-05 09:19:40.085root 11241100x80000000000000006860390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.085{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bd9dee8958ed8b2022-01-05 09:19:40.085root 11241100x80000000000000006860391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.085{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237c4091f09d24ee2022-01-05 09:19:40.085root 11241100x80000000000000006860392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.085{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.accd1de7f37ec5bd2022-01-05 09:19:40.085root 11241100x80000000000000006860393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.085{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4056c1d462f3504d2022-01-05 09:19:40.085root 11241100x80000000000000006860394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.085{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128e147ee6a60ca92022-01-05 09:19:40.085root 11241100x80000000000000006860395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.085{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794b9fd9eb0470ee2022-01-05 09:19:40.085root 11241100x80000000000000006860396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8431e3dbe4332d92022-01-05 09:19:40.086root 11241100x80000000000000006860397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b77601b99b17c442022-01-05 09:19:40.086root 11241100x80000000000000006860398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c210574d1c66b1eb2022-01-05 09:19:40.086root 11241100x80000000000000006860399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619ee4588137c2af2022-01-05 09:19:40.086root 11241100x80000000000000006860400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfac80ce0c0585792022-01-05 09:19:40.086root 11241100x80000000000000006860401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06dca7d25e8116682022-01-05 09:19:40.086root 11241100x80000000000000006860402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d98a35adc39f392022-01-05 09:19:40.086root 11241100x80000000000000006860403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc31717e16a430922022-01-05 09:19:40.086root 11241100x80000000000000006860404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0eae86c7eef7c32022-01-05 09:19:40.087root 11241100x80000000000000006860405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64fdb6520264d8a2022-01-05 09:19:40.087root 11241100x80000000000000006860406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502cb19f141718bb2022-01-05 09:19:40.087root 11241100x80000000000000006860407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf3b476bac68ac32022-01-05 09:19:40.087root 11241100x80000000000000006860408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ceb80353c10bd422022-01-05 09:19:40.087root 11241100x80000000000000006860409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412e55cc5a733cec2022-01-05 09:19:40.460root 11241100x80000000000000006860410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb9d87af539d9552022-01-05 09:19:40.460root 11241100x80000000000000006860411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc1c3f38b1289612022-01-05 09:19:40.460root 11241100x80000000000000006860412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36b27a236f2c5b52022-01-05 09:19:40.460root 11241100x80000000000000006860413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6489a614abb965572022-01-05 09:19:40.460root 11241100x80000000000000006860414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1681898856a1aba32022-01-05 09:19:40.460root 11241100x80000000000000006860415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5c5444f684071e2022-01-05 09:19:40.460root 11241100x80000000000000006860416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4661fb79934d426a2022-01-05 09:19:40.460root 11241100x80000000000000006860417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c48865bffb06902022-01-05 09:19:40.461root 11241100x80000000000000006860418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a16bb4ac8ff2af2022-01-05 09:19:40.461root 11241100x80000000000000006860419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b379e84620d2032022-01-05 09:19:40.461root 11241100x80000000000000006860420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36b56a1fd85e2b72022-01-05 09:19:40.461root 11241100x80000000000000006860421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02f8965697ade7a2022-01-05 09:19:40.461root 11241100x80000000000000006860422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20416306041553da2022-01-05 09:19:40.461root 11241100x80000000000000006860423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad2a719cda175152022-01-05 09:19:40.461root 11241100x80000000000000006860424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d87e2dfe9dc66462022-01-05 09:19:40.461root 11241100x80000000000000006860425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f557cdc422e200d22022-01-05 09:19:40.461root 11241100x80000000000000006860426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c320e30b98a0916e2022-01-05 09:19:40.462root 11241100x80000000000000006860427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdaa7b46f3d736d2022-01-05 09:19:40.462root 11241100x80000000000000006860428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e51f498011ffef2022-01-05 09:19:40.462root 11241100x80000000000000006860429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e4dba1558102e72022-01-05 09:19:40.462root 11241100x80000000000000006860430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3b101c21d4c1a12022-01-05 09:19:40.462root 11241100x80000000000000006860431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9545ffe150e73c002022-01-05 09:19:40.959root 11241100x80000000000000006860432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0670e734d63c022022-01-05 09:19:40.960root 11241100x80000000000000006860433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad03936471b1f5b2022-01-05 09:19:40.960root 11241100x80000000000000006860434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ccf51bc069f1a32022-01-05 09:19:40.960root 11241100x80000000000000006860435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be57d89de0c791b2022-01-05 09:19:40.960root 11241100x80000000000000006860436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847d5c68b6d90d3a2022-01-05 09:19:40.960root 11241100x80000000000000006860437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5c877053f55ed02022-01-05 09:19:40.960root 11241100x80000000000000006860438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd9ead8d1d65c412022-01-05 09:19:40.960root 11241100x80000000000000006860439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c9df934543776f2022-01-05 09:19:40.960root 11241100x80000000000000006860440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcb7aa4f4b48b242022-01-05 09:19:40.961root 11241100x80000000000000006860441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081c7f20101b21bb2022-01-05 09:19:40.961root 11241100x80000000000000006860442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031a03c4e336583d2022-01-05 09:19:40.961root 11241100x80000000000000006860443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdfde5f1237f4552022-01-05 09:19:40.961root 11241100x80000000000000006860444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6581db92703071dd2022-01-05 09:19:40.961root 11241100x80000000000000006860445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8354bc9e2dc3112e2022-01-05 09:19:40.961root 11241100x80000000000000006860446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50034da9ab5f58b42022-01-05 09:19:40.961root 11241100x80000000000000006860447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d55bf42e0d9c7db2022-01-05 09:19:40.961root 11241100x80000000000000006860448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff1683c200d46aa2022-01-05 09:19:40.961root 11241100x80000000000000006860449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c822e020dd7142602022-01-05 09:19:40.961root 11241100x80000000000000006860450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc88a85af941a032022-01-05 09:19:40.962root 11241100x80000000000000006860451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d803d5e72c3b382022-01-05 09:19:40.962root 11241100x80000000000000006860452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4febbb30f24640b72022-01-05 09:19:40.962root 11241100x80000000000000006860453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607b93e344dfc3da2022-01-05 09:19:41.459root 11241100x80000000000000006860454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5d14299d469f8d2022-01-05 09:19:41.460root 11241100x80000000000000006860455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb5d0373eb4ac362022-01-05 09:19:41.460root 11241100x80000000000000006860456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2332602e17d5682022-01-05 09:19:41.460root 11241100x80000000000000006860457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be63c67be0236352022-01-05 09:19:41.460root 11241100x80000000000000006860458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84709ecf802f5b512022-01-05 09:19:41.460root 11241100x80000000000000006860459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f970a79c20095012022-01-05 09:19:41.460root 11241100x80000000000000006860460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ede07f963a300812022-01-05 09:19:41.461root 11241100x80000000000000006860461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0448b279c42bcd12022-01-05 09:19:41.461root 11241100x80000000000000006860462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f3dd61ee4bed2f2022-01-05 09:19:41.461root 11241100x80000000000000006860463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff19b9fde0fd7a362022-01-05 09:19:41.461root 11241100x80000000000000006860464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824f9b76d5c294132022-01-05 09:19:41.461root 11241100x80000000000000006860465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d23fb72b8969e0d2022-01-05 09:19:41.461root 11241100x80000000000000006860466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53e8394ba0b4c352022-01-05 09:19:41.461root 11241100x80000000000000006860467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7da7a510c62a3b2022-01-05 09:19:41.461root 11241100x80000000000000006860468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab63e7aa86da66c2022-01-05 09:19:41.462root 11241100x80000000000000006860469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bc68f191f55c8a2022-01-05 09:19:41.462root 11241100x80000000000000006860470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9ac7d27cc7b7e62022-01-05 09:19:41.462root 11241100x80000000000000006860471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee3c7af291d71272022-01-05 09:19:41.462root 11241100x80000000000000006860472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3568246c39c48f52022-01-05 09:19:41.463root 11241100x80000000000000006860473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8841a1f7bcab77402022-01-05 09:19:41.463root 11241100x80000000000000006860474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b321c3ec96d8b21a2022-01-05 09:19:41.463root 11241100x80000000000000006860475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639a109eab0c538d2022-01-05 09:19:41.463root 11241100x80000000000000006860476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb12d8b56f251f92022-01-05 09:19:41.463root 11241100x80000000000000006860477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a984598ae3a6b4c02022-01-05 09:19:41.959root 11241100x80000000000000006860478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0f6da894114c392022-01-05 09:19:41.960root 11241100x80000000000000006860479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383e1953f1c749482022-01-05 09:19:41.960root 11241100x80000000000000006860480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e17420e19259ca2022-01-05 09:19:41.960root 11241100x80000000000000006860481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679c2e026d344c3d2022-01-05 09:19:41.961root 11241100x80000000000000006860482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2860c756eb32782022-01-05 09:19:41.961root 11241100x80000000000000006860483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107d442cd20683872022-01-05 09:19:41.961root 11241100x80000000000000006860484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb0a410a5ba380d2022-01-05 09:19:41.961root 11241100x80000000000000006860485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5c92e2722406062022-01-05 09:19:41.962root 11241100x80000000000000006860486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2150dbaadcae84fd2022-01-05 09:19:41.962root 11241100x80000000000000006860487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44484b97ad69acf12022-01-05 09:19:41.962root 11241100x80000000000000006860488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e93b41092cb6b42022-01-05 09:19:41.962root 11241100x80000000000000006860489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cff724a76203a562022-01-05 09:19:41.962root 11241100x80000000000000006860490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235da6f5e1acd4852022-01-05 09:19:41.962root 11241100x80000000000000006860491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a9f7a064c6e1a62022-01-05 09:19:41.962root 11241100x80000000000000006860492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9edd493bc8338602022-01-05 09:19:41.962root 11241100x80000000000000006860493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf1545f524ebb202022-01-05 09:19:41.962root 11241100x80000000000000006860494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6b9bf77bb7a4292022-01-05 09:19:41.963root 11241100x80000000000000006860495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527677f6f52dfa032022-01-05 09:19:41.963root 11241100x80000000000000006860496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a165a493f2c8f6f2022-01-05 09:19:41.963root 11241100x80000000000000006860497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4cad78f937ca7a2022-01-05 09:19:41.963root 11241100x80000000000000006860498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d2f22bd401b18d2022-01-05 09:19:41.963root 11241100x80000000000000006860499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457f1b6b5f71fafe2022-01-05 09:19:41.963root 11241100x80000000000000006860500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e53ea0983ebd7742022-01-05 09:19:41.963root 11241100x80000000000000006860501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84518a8da34751302022-01-05 09:19:42.460root 11241100x80000000000000006860502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1df3f435af345442022-01-05 09:19:42.460root 11241100x80000000000000006860503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763417c8e10def3f2022-01-05 09:19:42.460root 11241100x80000000000000006860504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c21700c57951a92022-01-05 09:19:42.460root 11241100x80000000000000006860505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c223daf3b2099662022-01-05 09:19:42.460root 11241100x80000000000000006860506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4ee12d49ed74cb2022-01-05 09:19:42.460root 11241100x80000000000000006860507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5463b1c7c4eed8992022-01-05 09:19:42.460root 11241100x80000000000000006860508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f33fdf561a32b692022-01-05 09:19:42.460root 11241100x80000000000000006860509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246e93bcb2f4ffd82022-01-05 09:19:42.461root 11241100x80000000000000006860510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9377b67d39d31be62022-01-05 09:19:42.461root 11241100x80000000000000006860511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc615065dc46a212022-01-05 09:19:42.461root 11241100x80000000000000006860512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df20fd2a8690d1cc2022-01-05 09:19:42.461root 11241100x80000000000000006860513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d73b247195ba3822022-01-05 09:19:42.461root 11241100x80000000000000006860514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b16dacfd8b5f4b52022-01-05 09:19:42.461root 11241100x80000000000000006860515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2128591ee0b1e71a2022-01-05 09:19:42.461root 11241100x80000000000000006860516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b0694c5d395fea2022-01-05 09:19:42.461root 11241100x80000000000000006860517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1a4900600afe872022-01-05 09:19:42.461root 11241100x80000000000000006860518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49032418226007c62022-01-05 09:19:42.461root 11241100x80000000000000006860519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db06f239b33183e2022-01-05 09:19:42.461root 11241100x80000000000000006860520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1012250a1d4219672022-01-05 09:19:42.462root 11241100x80000000000000006860521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a2eb32079747cf2022-01-05 09:19:42.462root 11241100x80000000000000006860522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c951634b78f0302022-01-05 09:19:42.462root 11241100x80000000000000006860523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9c9f19ab846c5f2022-01-05 09:19:42.959root 11241100x80000000000000006860524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d709ba3fd60028cd2022-01-05 09:19:42.959root 11241100x80000000000000006860525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f133e8ba154acd02022-01-05 09:19:42.960root 11241100x80000000000000006860526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c65782a4059e052022-01-05 09:19:42.960root 11241100x80000000000000006860527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b544ba1b6f290d2022-01-05 09:19:42.960root 11241100x80000000000000006860528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f87a13d89fd96492022-01-05 09:19:42.960root 11241100x80000000000000006860529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82a604d11fa8acc2022-01-05 09:19:42.960root 11241100x80000000000000006860530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81aaaac915aa98992022-01-05 09:19:42.961root 11241100x80000000000000006860531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c040902d468ae052022-01-05 09:19:42.961root 11241100x80000000000000006860532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2558de6fa5a796e2022-01-05 09:19:42.961root 11241100x80000000000000006860533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914158ade578f1a72022-01-05 09:19:42.961root 11241100x80000000000000006860534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f36c381c103e7c82022-01-05 09:19:42.961root 11241100x80000000000000006860535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd2859b562424362022-01-05 09:19:42.961root 11241100x80000000000000006860536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d83068eececa242022-01-05 09:19:42.961root 11241100x80000000000000006860537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008a7b7d206fdc082022-01-05 09:19:42.961root 11241100x80000000000000006860538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992479257c523e732022-01-05 09:19:42.961root 11241100x80000000000000006860539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80653b39c94e54e72022-01-05 09:19:42.962root 11241100x80000000000000006860540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d69ba7386df6fbf2022-01-05 09:19:42.962root 11241100x80000000000000006860541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928a7440d14510ea2022-01-05 09:19:42.962root 11241100x80000000000000006860542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48451aa4e4b4c232022-01-05 09:19:42.962root 11241100x80000000000000006860543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be21c46cb880aee42022-01-05 09:19:42.962root 11241100x80000000000000006860544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa815233d543d3f2022-01-05 09:19:42.962root 11241100x80000000000000006860545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cbbc08aa26d3b92022-01-05 09:19:42.962root 11241100x80000000000000006860546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a2144f282f65d32022-01-05 09:19:42.962root 11241100x80000000000000006860547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba228184547660e2022-01-05 09:19:42.962root 11241100x80000000000000006860548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23123f3965f88a932022-01-05 09:19:42.962root 11241100x80000000000000006860549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30540285b24982882022-01-05 09:19:42.962root 11241100x80000000000000006860550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d9a516d85c7e382022-01-05 09:19:42.962root 11241100x80000000000000006860551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfd36d24a55ba962022-01-05 09:19:43.460root 11241100x80000000000000006860552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2058c50c87ba211f2022-01-05 09:19:43.460root 11241100x80000000000000006860553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e7bf96890517382022-01-05 09:19:43.460root 11241100x80000000000000006860554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3af97d00dd34992022-01-05 09:19:43.460root 11241100x80000000000000006860555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fef78a01d1552b2022-01-05 09:19:43.460root 11241100x80000000000000006860556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c1ec927b8911692022-01-05 09:19:43.460root 11241100x80000000000000006860557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fb2c45459760752022-01-05 09:19:43.460root 11241100x80000000000000006860558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02853646350fd5fd2022-01-05 09:19:43.461root 11241100x80000000000000006860559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58499c9145654d162022-01-05 09:19:43.461root 11241100x80000000000000006860560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358660863f2568952022-01-05 09:19:43.461root 11241100x80000000000000006860561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d1059666529d772022-01-05 09:19:43.461root 11241100x80000000000000006860562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf474bcb4da423dd2022-01-05 09:19:43.461root 11241100x80000000000000006860563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23b799a0032d6bb2022-01-05 09:19:43.461root 11241100x80000000000000006860564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3e958af01fbb952022-01-05 09:19:43.461root 11241100x80000000000000006860565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60bd55cce421d232022-01-05 09:19:43.461root 11241100x80000000000000006860566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be950ff504690a72022-01-05 09:19:43.461root 11241100x80000000000000006860567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a6cc0fd8bdc0b12022-01-05 09:19:43.462root 11241100x80000000000000006860568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4590e445f54472632022-01-05 09:19:43.462root 11241100x80000000000000006860569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbfcf7696d510fa2022-01-05 09:19:43.462root 11241100x80000000000000006860570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5afb933937d2ac2022-01-05 09:19:43.462root 11241100x80000000000000006860571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ae1bc6e12650a22022-01-05 09:19:43.462root 11241100x80000000000000006860572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3380a6a7603c742022-01-05 09:19:43.462root 11241100x80000000000000006860573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de65f494aa449c3d2022-01-05 09:19:43.960root 11241100x80000000000000006860574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf630cb5bb24daa2022-01-05 09:19:43.960root 11241100x80000000000000006860575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdffb3b7686b1da42022-01-05 09:19:43.960root 11241100x80000000000000006860576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03af7a28b29bb6522022-01-05 09:19:43.960root 11241100x80000000000000006860577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f061493650a40f2022-01-05 09:19:43.961root 11241100x80000000000000006860578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fe886779c9c72d2022-01-05 09:19:43.961root 11241100x80000000000000006860579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7e1bde149e3cf32022-01-05 09:19:43.961root 11241100x80000000000000006860580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba047b58cb2573a2022-01-05 09:19:43.961root 11241100x80000000000000006860581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55745e5bf6bbc1432022-01-05 09:19:43.961root 11241100x80000000000000006860582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9769d1319e4189e12022-01-05 09:19:43.961root 11241100x80000000000000006860583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c59fece2fe35d372022-01-05 09:19:43.961root 11241100x80000000000000006860584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099f6976378dfd4a2022-01-05 09:19:43.961root 11241100x80000000000000006860585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0d839fc8eb9fbb2022-01-05 09:19:43.961root 11241100x80000000000000006860586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ceb3d886f790ef72022-01-05 09:19:43.961root 11241100x80000000000000006860587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1600b6f95a8846472022-01-05 09:19:43.961root 11241100x80000000000000006860588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35efd174d026f31d2022-01-05 09:19:43.961root 11241100x80000000000000006860589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9559b29c71cd8b332022-01-05 09:19:43.961root 11241100x80000000000000006860590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da70b98ce4577362022-01-05 09:19:43.961root 11241100x80000000000000006860591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5b4bed5ee2c58a2022-01-05 09:19:43.962root 11241100x80000000000000006860592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7afbc3764342dc52022-01-05 09:19:43.962root 11241100x80000000000000006860593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adeff0a98a53a1bd2022-01-05 09:19:43.962root 11241100x80000000000000006860594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641e609273c66e202022-01-05 09:19:43.962root 11241100x80000000000000006860595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebde1a52ed19f5ed2022-01-05 09:19:44.459root 11241100x80000000000000006860596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2035f57dcfb151ca2022-01-05 09:19:44.459root 11241100x80000000000000006860597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f38a043e33d8c42022-01-05 09:19:44.460root 11241100x80000000000000006860598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ff1fff4cfd19492022-01-05 09:19:44.460root 11241100x80000000000000006860599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b792e34c3288a512022-01-05 09:19:44.460root 11241100x80000000000000006860600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ed879ef256d2a62022-01-05 09:19:44.460root 11241100x80000000000000006860601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7371d948a947b72022-01-05 09:19:44.460root 11241100x80000000000000006860602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419842f951295ccb2022-01-05 09:19:44.461root 11241100x80000000000000006860603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547c520091eed2822022-01-05 09:19:44.461root 11241100x80000000000000006860604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcc164ce5c860532022-01-05 09:19:44.461root 11241100x80000000000000006860605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4115366dd6f9f8092022-01-05 09:19:44.461root 11241100x80000000000000006860606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a922c274ec599432022-01-05 09:19:44.461root 11241100x80000000000000006860607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e2a2d3a64214f12022-01-05 09:19:44.462root 11241100x80000000000000006860608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a7823cf583a82c2022-01-05 09:19:44.462root 11241100x80000000000000006860609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b511f629afe10022022-01-05 09:19:44.462root 11241100x80000000000000006860610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5168a2c5e8b777c2022-01-05 09:19:44.462root 11241100x80000000000000006860611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6fec7a20f68b8d2022-01-05 09:19:44.462root 11241100x80000000000000006860612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbfb2daa7f8555f2022-01-05 09:19:44.463root 11241100x80000000000000006860613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95643210614a026b2022-01-05 09:19:44.463root 11241100x80000000000000006860614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264387898a7b00352022-01-05 09:19:44.463root 11241100x80000000000000006860615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23d0e232c756cff2022-01-05 09:19:44.463root 11241100x80000000000000006860616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bbe9bb48ed0bbb2022-01-05 09:19:44.463root 11241100x80000000000000006860617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d2297208d555082022-01-05 09:19:44.959root 11241100x80000000000000006860618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9fbd6e59d59d1e2022-01-05 09:19:44.960root 11241100x80000000000000006860619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7c043d1efaac192022-01-05 09:19:44.960root 11241100x80000000000000006860620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f2fad7b0e1fcdd2022-01-05 09:19:44.960root 11241100x80000000000000006860621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9141222801ec26d32022-01-05 09:19:44.961root 11241100x80000000000000006860622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2646f9841fd864582022-01-05 09:19:44.961root 11241100x80000000000000006860623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ea68f75c4d63c12022-01-05 09:19:44.961root 11241100x80000000000000006860624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb00a4c549318532022-01-05 09:19:44.961root 11241100x80000000000000006860625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6888c340854584fa2022-01-05 09:19:44.961root 11241100x80000000000000006860626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cc2b0c6c4139ca2022-01-05 09:19:44.961root 11241100x80000000000000006860627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9293b109288f9cca2022-01-05 09:19:44.961root 11241100x80000000000000006860628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45361a03b5752bc52022-01-05 09:19:44.961root 11241100x80000000000000006860629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a7a83f536dea9d2022-01-05 09:19:44.961root 11241100x80000000000000006860630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9440c71f39f8f19e2022-01-05 09:19:44.961root 11241100x80000000000000006860631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecac47fefb60c6e2022-01-05 09:19:44.961root 11241100x80000000000000006860632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21258bc9a51ca0c82022-01-05 09:19:44.961root 11241100x80000000000000006860633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ff9826f74602802022-01-05 09:19:44.962root 11241100x80000000000000006860634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11f9c09f095c01d2022-01-05 09:19:44.962root 11241100x80000000000000006860635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0187a57df7fd5fc02022-01-05 09:19:44.962root 11241100x80000000000000006860636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a3601521acfa892022-01-05 09:19:44.962root 11241100x80000000000000006860637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3191967863d69fda2022-01-05 09:19:44.962root 11241100x80000000000000006860638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfd98ad02bb8dc42022-01-05 09:19:44.962root 11241100x80000000000000006860639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84df650f0c149662022-01-05 09:19:44.962root 11241100x80000000000000006860640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc20d6ec9df0366e2022-01-05 09:19:44.962root 11241100x80000000000000006860641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137fbd6d25d75c762022-01-05 09:19:44.962root 354300x80000000000000006860642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.188{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40682-false10.0.1.12-8000- 11241100x80000000000000006860643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a395682289a1df2022-01-05 09:19:45.460root 11241100x80000000000000006860644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e23d57d65cf76a2022-01-05 09:19:45.460root 11241100x80000000000000006860645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f2b469397f58322022-01-05 09:19:45.460root 11241100x80000000000000006860646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92ee273c2f5c5f52022-01-05 09:19:45.460root 11241100x80000000000000006860647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1fc410f67f72cd2022-01-05 09:19:45.460root 11241100x80000000000000006860648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86257faa381ffb52022-01-05 09:19:45.460root 11241100x80000000000000006860649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f5da5582075b792022-01-05 09:19:45.460root 11241100x80000000000000006860650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ea1fef7fa350762022-01-05 09:19:45.461root 11241100x80000000000000006860651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76a51a2b10871572022-01-05 09:19:45.461root 11241100x80000000000000006860652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0644b7e83b78a44b2022-01-05 09:19:45.461root 11241100x80000000000000006860653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c241516b4f9ea88e2022-01-05 09:19:45.461root 11241100x80000000000000006860654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e0b9e19ff5d1132022-01-05 09:19:45.461root 11241100x80000000000000006860655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c42d32b8080996e2022-01-05 09:19:45.461root 11241100x80000000000000006860656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3193cf479eb2e7c2022-01-05 09:19:45.461root 11241100x80000000000000006860657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de6994f23a61fad2022-01-05 09:19:45.461root 11241100x80000000000000006860658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff684df9bb893f42022-01-05 09:19:45.461root 11241100x80000000000000006860659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9ae5d6223082b42022-01-05 09:19:45.462root 11241100x80000000000000006860660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f753ab3a197394e2022-01-05 09:19:45.462root 11241100x80000000000000006860661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9e4ff13ce7a24d2022-01-05 09:19:45.462root 11241100x80000000000000006860662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d493d6b6967b6fb62022-01-05 09:19:45.462root 11241100x80000000000000006860663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b7979e6d6334ee2022-01-05 09:19:45.462root 11241100x80000000000000006860664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a4e6cfc769bed82022-01-05 09:19:45.462root 11241100x80000000000000006860665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a366795959a34bd2022-01-05 09:19:45.463root 11241100x80000000000000006860666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07be2858b60147032022-01-05 09:19:45.959root 11241100x80000000000000006860667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2cac4118cc3ad12022-01-05 09:19:45.960root 11241100x80000000000000006860668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e437b4f081e7a42022-01-05 09:19:45.960root 11241100x80000000000000006860669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8643e9d8a9f78ac52022-01-05 09:19:45.960root 11241100x80000000000000006860670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e3a0b5d50832b02022-01-05 09:19:45.960root 11241100x80000000000000006860671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f6d0108bb60ff62022-01-05 09:19:45.961root 11241100x80000000000000006860672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422d464c665e5e632022-01-05 09:19:45.961root 11241100x80000000000000006860673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788fbc2f088a44922022-01-05 09:19:45.961root 11241100x80000000000000006860674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bda30105e08df92022-01-05 09:19:45.961root 11241100x80000000000000006860675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e508a065f24f25a92022-01-05 09:19:45.961root 11241100x80000000000000006860676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6c4c5a6feab9182022-01-05 09:19:45.962root 11241100x80000000000000006860677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f58ecd5f4987652022-01-05 09:19:45.962root 11241100x80000000000000006860678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480c1c1698ed8faf2022-01-05 09:19:45.962root 11241100x80000000000000006860679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13344957c9ede63b2022-01-05 09:19:45.962root 11241100x80000000000000006860680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16395a3bb2666e62022-01-05 09:19:45.962root 11241100x80000000000000006860681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8af0e0bc8e20f22022-01-05 09:19:45.962root 11241100x80000000000000006860682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe33b9f428de16f72022-01-05 09:19:45.963root 11241100x80000000000000006860683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60a7ea234b83bce2022-01-05 09:19:45.963root 11241100x80000000000000006860684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2913e51bb0c880172022-01-05 09:19:45.963root 11241100x80000000000000006860685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce264e15dfad79522022-01-05 09:19:45.963root 11241100x80000000000000006860686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8335b41b2dae51e72022-01-05 09:19:45.963root 11241100x80000000000000006860687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f121f003a98c7d62022-01-05 09:19:45.963root 11241100x80000000000000006860688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbecbfe1a3b8bdf2022-01-05 09:19:45.964root 11241100x80000000000000006860689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77f12d196e9ed662022-01-05 09:19:46.460root 11241100x80000000000000006860690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b04b67e0c5082f42022-01-05 09:19:46.460root 11241100x80000000000000006860691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80eee436ba05d9e2022-01-05 09:19:46.460root 11241100x80000000000000006860692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae7a4022aa4e6ac2022-01-05 09:19:46.460root 11241100x80000000000000006860693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2600156f306107182022-01-05 09:19:46.460root 11241100x80000000000000006860694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21c9337d544816c2022-01-05 09:19:46.460root 11241100x80000000000000006860695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec271b2d3d17a03e2022-01-05 09:19:46.461root 11241100x80000000000000006860696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bfef4ac389ea942022-01-05 09:19:46.462root 11241100x80000000000000006860697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40873fdf359891a32022-01-05 09:19:46.462root 11241100x80000000000000006860698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397fff601fa8c32a2022-01-05 09:19:46.462root 11241100x80000000000000006860699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555bd34101832dfe2022-01-05 09:19:46.462root 11241100x80000000000000006860700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff31a4e998913c8b2022-01-05 09:19:46.463root 11241100x80000000000000006860701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700ab635e0b436482022-01-05 09:19:46.463root 11241100x80000000000000006860702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f34f280a83e2f4a2022-01-05 09:19:46.464root 11241100x80000000000000006860703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf4412848f8c9492022-01-05 09:19:46.464root 11241100x80000000000000006860704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f097621c429db62022-01-05 09:19:46.464root 11241100x80000000000000006860705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d7a6e7dabc0d172022-01-05 09:19:46.465root 11241100x80000000000000006860706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a05fb874743ed712022-01-05 09:19:46.465root 11241100x80000000000000006860707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb725414bca22942022-01-05 09:19:46.465root 11241100x80000000000000006860708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3723aa539cd6e82022-01-05 09:19:46.465root 11241100x80000000000000006860709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22545413b2b13842022-01-05 09:19:46.466root 11241100x80000000000000006860710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773ab52113865aaf2022-01-05 09:19:46.466root 11241100x80000000000000006860711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7babfff6b488c672022-01-05 09:19:46.466root 154100x80000000000000006860712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.589{ec2e79f3-62b2-61d5-587d-ddf3ec550000}22921/usr/bin/users-----users/home/ubuntu/doasubuntu{ec2e79f3-5fe4-61d5-e803-000000000000}100058no level-{ec2e79f3-5fe4-61d5-08b4-fae256550000}17361/bin/bash-bashubuntu 534500x80000000000000006860713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.592{ec2e79f3-62b2-61d5-587d-ddf3ec550000}22921/usr/bin/usersubuntu 11241100x80000000000000006860714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b132b6a1c2f0c8ed2022-01-05 09:19:46.959root 11241100x80000000000000006860715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b697b9027d46d77d2022-01-05 09:19:46.959root 11241100x80000000000000006860716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5c0cd7155a37e92022-01-05 09:19:46.960root 11241100x80000000000000006860717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d931b8fd9c746c2022-01-05 09:19:46.960root 11241100x80000000000000006860718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5b8d6f3bc7b9b22022-01-05 09:19:46.960root 11241100x80000000000000006860719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7596bb833da537c72022-01-05 09:19:46.960root 11241100x80000000000000006860720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d28f5750f485882022-01-05 09:19:46.960root 11241100x80000000000000006860721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e85249b14fd3132022-01-05 09:19:46.960root 11241100x80000000000000006860722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6943687864e0d2472022-01-05 09:19:46.961root 11241100x80000000000000006860723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80d1a66280554c22022-01-05 09:19:46.961root 11241100x80000000000000006860724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff437ba0e65f7232022-01-05 09:19:46.961root 11241100x80000000000000006860725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3082843f11d6032022-01-05 09:19:46.961root 11241100x80000000000000006860726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06c43df4d7d99842022-01-05 09:19:46.961root 11241100x80000000000000006860727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc222d7ae4f5bdeb2022-01-05 09:19:46.962root 11241100x80000000000000006860728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a2dce0227b70632022-01-05 09:19:46.962root 11241100x80000000000000006860729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931789d0f6cc2c3d2022-01-05 09:19:46.962root 11241100x80000000000000006860730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789920a7c32211b52022-01-05 09:19:46.962root 11241100x80000000000000006860731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b808f60d4cb5cdc82022-01-05 09:19:46.962root 11241100x80000000000000006860732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03debbfbd53ede62022-01-05 09:19:46.962root 11241100x80000000000000006860733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344725ecb345e4872022-01-05 09:19:46.963root 11241100x80000000000000006860734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad01f461b067f0312022-01-05 09:19:46.963root 11241100x80000000000000006860735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdd7abb95c088612022-01-05 09:19:46.963root 11241100x80000000000000006860736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8e88231b36947c2022-01-05 09:19:46.963root 11241100x80000000000000006860737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d934f0b34936382022-01-05 09:19:46.963root 11241100x80000000000000006860738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf4679f67baab782022-01-05 09:19:46.963root 11241100x80000000000000006860739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4794a1d775f0a19a2022-01-05 09:19:47.460root 11241100x80000000000000006860740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6651376c5a1d60c2022-01-05 09:19:47.460root 11241100x80000000000000006860741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07899a133db60462022-01-05 09:19:47.460root 11241100x80000000000000006860742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6f1515104065372022-01-05 09:19:47.460root 11241100x80000000000000006860743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db7ec9d0e1bb13a2022-01-05 09:19:47.460root 11241100x80000000000000006860744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9f5adfd024222c2022-01-05 09:19:47.460root 11241100x80000000000000006860745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a5268708b547e22022-01-05 09:19:47.461root 11241100x80000000000000006860746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512225aef4c497242022-01-05 09:19:47.461root 11241100x80000000000000006860747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdfd8a7f7e4110f2022-01-05 09:19:47.461root 11241100x80000000000000006860748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece5a0510287997b2022-01-05 09:19:47.461root 11241100x80000000000000006860749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab6ffcde5212a9c2022-01-05 09:19:47.461root 11241100x80000000000000006860750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2b7b6298f80bc12022-01-05 09:19:47.461root 11241100x80000000000000006860751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac52c9b5aab565fc2022-01-05 09:19:47.461root 11241100x80000000000000006860752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f29d67b906b04412022-01-05 09:19:47.461root 11241100x80000000000000006860753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fb90bcad4885142022-01-05 09:19:47.461root 11241100x80000000000000006860754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df1b296199467a12022-01-05 09:19:47.462root 11241100x80000000000000006860755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2d5d0976aa3bf12022-01-05 09:19:47.462root 11241100x80000000000000006860756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25db68c11128d40e2022-01-05 09:19:47.462root 11241100x80000000000000006860757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb6edb936c04cf22022-01-05 09:19:47.462root 11241100x80000000000000006860758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ac46dd7a508b2b2022-01-05 09:19:47.462root 11241100x80000000000000006860759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eb90b89bb4b6b02022-01-05 09:19:47.462root 11241100x80000000000000006860760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41367c30c2b67f082022-01-05 09:19:47.462root 11241100x80000000000000006860761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d900ab4d8a53d02022-01-05 09:19:47.463root 11241100x80000000000000006860762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be24a450580131ba2022-01-05 09:19:47.463root 11241100x80000000000000006860763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe21ed97453e4ddb2022-01-05 09:19:47.463root 11241100x80000000000000006860764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e7f54ba637717d2022-01-05 09:19:47.960root 11241100x80000000000000006860765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d785668c5d74bdf2022-01-05 09:19:47.960root 11241100x80000000000000006860766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf2c47643c1e44e2022-01-05 09:19:47.960root 11241100x80000000000000006860767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd310b9744da7502022-01-05 09:19:47.960root 11241100x80000000000000006860768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d381aaa1362fe7d72022-01-05 09:19:47.960root 11241100x80000000000000006860769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abd390781ee660a2022-01-05 09:19:47.960root 11241100x80000000000000006860770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e2d8c6e2611f592022-01-05 09:19:47.960root 11241100x80000000000000006860771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcf6576652967ae2022-01-05 09:19:47.961root 11241100x80000000000000006860772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8d33f15b4f4db42022-01-05 09:19:47.961root 11241100x80000000000000006860773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7384cb4b59437562022-01-05 09:19:47.961root 11241100x80000000000000006860774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b58151d6842899e2022-01-05 09:19:47.961root 11241100x80000000000000006860775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6284958fb340bc12022-01-05 09:19:47.961root 11241100x80000000000000006860776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676a17f9c123caa52022-01-05 09:19:47.961root 11241100x80000000000000006860777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bb4a6513fbec4d2022-01-05 09:19:47.961root 11241100x80000000000000006860778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d75a317c988d20c2022-01-05 09:19:47.961root 11241100x80000000000000006860779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccceb9b8d7d5f0d52022-01-05 09:19:47.961root 11241100x80000000000000006860780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06b8c833814bf852022-01-05 09:19:47.961root 11241100x80000000000000006860781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b99f3371f9f458d2022-01-05 09:19:47.961root 11241100x80000000000000006860782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5c61850819e6d72022-01-05 09:19:47.962root 11241100x80000000000000006860783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe65dbb1e44bc9ce2022-01-05 09:19:47.962root 11241100x80000000000000006860784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51709d1defdc58852022-01-05 09:19:47.962root 11241100x80000000000000006860785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59537c4a6abebcbd2022-01-05 09:19:47.962root 11241100x80000000000000006860786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503c55d206ca51f12022-01-05 09:19:47.962root 11241100x80000000000000006860787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a07a6e480cf36b2022-01-05 09:19:47.962root 11241100x80000000000000006860788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d25330a114410ec2022-01-05 09:19:47.962root 11241100x80000000000000006860789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1156b3881e2624262022-01-05 09:19:48.460root 11241100x80000000000000006860790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52acd9c78a22ade72022-01-05 09:19:48.460root 11241100x80000000000000006860791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c963246f04e831072022-01-05 09:19:48.460root 11241100x80000000000000006860792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d2b633284342502022-01-05 09:19:48.460root 11241100x80000000000000006860793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79b83d49b526c702022-01-05 09:19:48.460root 11241100x80000000000000006860794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea39c749b093bd72022-01-05 09:19:48.460root 11241100x80000000000000006860795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faecb77c02692ec42022-01-05 09:19:48.460root 11241100x80000000000000006860796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fee41f2fa9afda2022-01-05 09:19:48.460root 11241100x80000000000000006860797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbabb1051e811b892022-01-05 09:19:48.460root 11241100x80000000000000006860798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5919ee22d338492022-01-05 09:19:48.460root 11241100x80000000000000006860799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fef25830c475d12022-01-05 09:19:48.460root 11241100x80000000000000006860800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ac604608dae7df2022-01-05 09:19:48.460root 11241100x80000000000000006860801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d1f033c3ff839f2022-01-05 09:19:48.461root 11241100x80000000000000006860802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc7f2f23fb5c11f2022-01-05 09:19:48.461root 11241100x80000000000000006860803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8e6629aef4451e2022-01-05 09:19:48.461root 11241100x80000000000000006860804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa549781c0f803db2022-01-05 09:19:48.461root 11241100x80000000000000006860805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77bef0b7fba765a2022-01-05 09:19:48.461root 11241100x80000000000000006860806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628a003b778c5a2c2022-01-05 09:19:48.461root 11241100x80000000000000006860807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07d2bceaa672df32022-01-05 09:19:48.461root 11241100x80000000000000006860808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1cbd59b59d3b232022-01-05 09:19:48.461root 11241100x80000000000000006860809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91796126efba4f422022-01-05 09:19:48.461root 11241100x80000000000000006860810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da00c44d0a3352d2022-01-05 09:19:48.461root 11241100x80000000000000006860811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85760db9e63118f62022-01-05 09:19:48.461root 11241100x80000000000000006860812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d77ca84a9afab3e2022-01-05 09:19:48.461root 11241100x80000000000000006860813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a545d6467e5813442022-01-05 09:19:48.461root 11241100x80000000000000006860814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d908f36089ce5d2022-01-05 09:19:48.461root 11241100x80000000000000006860815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04abc65e6f475e5d2022-01-05 09:19:48.461root 11241100x80000000000000006860816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2448af0e8612e202022-01-05 09:19:48.462root 11241100x80000000000000006860817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a02d7cfea08ac8d2022-01-05 09:19:48.462root 11241100x80000000000000006860818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2831109756631e1a2022-01-05 09:19:48.462root 11241100x80000000000000006860819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0531e731519e842022-01-05 09:19:48.462root 11241100x80000000000000006860820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fce8f6042ca08b92022-01-05 09:19:48.462root 11241100x80000000000000006860821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde21a6993115b382022-01-05 09:19:48.462root 11241100x80000000000000006860822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15ef427553e34b92022-01-05 09:19:48.462root 11241100x80000000000000006860823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fcc24509ccd3bf2022-01-05 09:19:48.462root 11241100x80000000000000006860824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d46861d3969e8d2022-01-05 09:19:48.462root 11241100x80000000000000006860825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dec8cff7959c2602022-01-05 09:19:48.462root 11241100x80000000000000006860826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e775efc8e5125e32022-01-05 09:19:48.462root 11241100x80000000000000006860827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361b286db652cc212022-01-05 09:19:48.960root 11241100x80000000000000006860828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e0fa1c18e0b2b22022-01-05 09:19:48.960root 11241100x80000000000000006860829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64af9198be22c2052022-01-05 09:19:48.960root 11241100x80000000000000006860830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd9dc6a16ba1c3e2022-01-05 09:19:48.960root 11241100x80000000000000006860831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4646c77db71f792022-01-05 09:19:48.960root 11241100x80000000000000006860832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e37df565c043582022-01-05 09:19:48.960root 11241100x80000000000000006860833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25d93b2c8cbd9892022-01-05 09:19:48.960root 11241100x80000000000000006860834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f366232b9e15272022-01-05 09:19:48.960root 11241100x80000000000000006860835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e716cc7f3882ee2022-01-05 09:19:48.960root 11241100x80000000000000006860836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a855d4d7658eb55b2022-01-05 09:19:48.960root 11241100x80000000000000006860837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40b8fde67cafcfc2022-01-05 09:19:48.961root 11241100x80000000000000006860838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e63a0d96b611822022-01-05 09:19:48.961root 11241100x80000000000000006860839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b8450257f9e4352022-01-05 09:19:48.961root 11241100x80000000000000006860840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a254e096c59fd92022-01-05 09:19:48.961root 11241100x80000000000000006860841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40996911f08b89b52022-01-05 09:19:48.961root 11241100x80000000000000006860842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f337d3ee96a5f62022-01-05 09:19:48.961root 11241100x80000000000000006860843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfb3751c202b1732022-01-05 09:19:48.961root 11241100x80000000000000006860844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962d9a1813932f852022-01-05 09:19:48.961root 11241100x80000000000000006860845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79488a235a5db54b2022-01-05 09:19:48.961root 11241100x80000000000000006860846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b987527e80aaea6e2022-01-05 09:19:48.961root 11241100x80000000000000006860847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659e56f443bf2e672022-01-05 09:19:48.961root 11241100x80000000000000006860848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89d4aa70224707c2022-01-05 09:19:48.961root 11241100x80000000000000006860849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51859c1854a307ee2022-01-05 09:19:48.961root 11241100x80000000000000006860850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291be65f2ecc79802022-01-05 09:19:48.961root 11241100x80000000000000006860851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a8f44219e778752022-01-05 09:19:48.962root 11241100x80000000000000006860852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edae1e27001f57c2022-01-05 09:19:49.459root 11241100x80000000000000006860853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46b1d0a30027ad32022-01-05 09:19:49.459root 11241100x80000000000000006860854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b703b7edae9459b72022-01-05 09:19:49.459root 11241100x80000000000000006860855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a393c906f49c1e0e2022-01-05 09:19:49.459root 11241100x80000000000000006860856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c84390f5e9405ac2022-01-05 09:19:49.459root 11241100x80000000000000006860857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db790cc80822ae62022-01-05 09:19:49.459root 11241100x80000000000000006860858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11c8e4b6dfd910b2022-01-05 09:19:49.460root 11241100x80000000000000006860859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f23aaa0e60e3b92022-01-05 09:19:49.460root 11241100x80000000000000006860860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d4b0236dab433b2022-01-05 09:19:49.460root 11241100x80000000000000006860861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db5c6335d97f2332022-01-05 09:19:49.460root 11241100x80000000000000006860862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bfe734db7685272022-01-05 09:19:49.460root 11241100x80000000000000006860863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f72970a2311ecc2022-01-05 09:19:49.460root 11241100x80000000000000006860864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8e669adca8bb1c2022-01-05 09:19:49.460root 11241100x80000000000000006860865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293f1e78acaabe7e2022-01-05 09:19:49.460root 11241100x80000000000000006860866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96c8028bf1482bf2022-01-05 09:19:49.460root 11241100x80000000000000006860867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44cc7134bb3c3b42022-01-05 09:19:49.460root 11241100x80000000000000006860868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40995e3631382b82022-01-05 09:19:49.460root 11241100x80000000000000006860869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488ea89707fdc7c42022-01-05 09:19:49.460root 11241100x80000000000000006860870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21741a24ee2a2572022-01-05 09:19:49.460root 11241100x80000000000000006860871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851536f9c0c48f1a2022-01-05 09:19:49.461root 11241100x80000000000000006860872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6805e4ae5afa69472022-01-05 09:19:49.461root 11241100x80000000000000006860873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7293f644df745f2022-01-05 09:19:49.461root 11241100x80000000000000006860874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed13c479abed0072022-01-05 09:19:49.461root 11241100x80000000000000006860875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f37213e87221d92022-01-05 09:19:49.461root 11241100x80000000000000006860876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76f7c2e2b28a00d2022-01-05 09:19:49.461root 11241100x80000000000000006860877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d506ba3b45326b2022-01-05 09:19:49.461root 11241100x80000000000000006860878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18318081a1d71b82022-01-05 09:19:49.461root 11241100x80000000000000006860879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3031418aedceddea2022-01-05 09:19:49.461root 11241100x80000000000000006860880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb11922ac7099fd2022-01-05 09:19:49.461root 11241100x80000000000000006860881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50085708e92986af2022-01-05 09:19:49.461root 11241100x80000000000000006860882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fe93056c6a1a482022-01-05 09:19:49.461root 11241100x80000000000000006860883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46ef4198f1edab72022-01-05 09:19:49.461root 11241100x80000000000000006860884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19825e3e4bd5c712022-01-05 09:19:49.461root 11241100x80000000000000006860885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9300a46e54fb4d2d2022-01-05 09:19:49.462root 11241100x80000000000000006860886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5a39607565eb592022-01-05 09:19:49.462root 11241100x80000000000000006860887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27e4deb516c2f852022-01-05 09:19:49.462root 11241100x80000000000000006860888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcfba289918c8eb2022-01-05 09:19:49.960root 11241100x80000000000000006860889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db2f81b197a40092022-01-05 09:19:49.960root 11241100x80000000000000006860890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830bab7c7d8a5af12022-01-05 09:19:49.960root 11241100x80000000000000006860891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5d7c65e240046d2022-01-05 09:19:49.960root 11241100x80000000000000006860892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506cb06136b6c7a62022-01-05 09:19:49.960root 11241100x80000000000000006860893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664fbc9b33553c362022-01-05 09:19:49.960root 11241100x80000000000000006860894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdb524f5744d9b92022-01-05 09:19:49.960root 11241100x80000000000000006860895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4205a301e65c7b92022-01-05 09:19:49.960root 11241100x80000000000000006860896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31826a3565da9be62022-01-05 09:19:49.960root 11241100x80000000000000006860897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d16619ec11d17f2022-01-05 09:19:49.960root 11241100x80000000000000006860898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f048cf9bd71e6d2022-01-05 09:19:49.961root 11241100x80000000000000006860899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2415f6c26973642022-01-05 09:19:49.961root 11241100x80000000000000006860900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afdb561b98e3d182022-01-05 09:19:49.961root 11241100x80000000000000006860901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a97a01c799296d2022-01-05 09:19:49.961root 11241100x80000000000000006860902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd6816d767788232022-01-05 09:19:49.961root 11241100x80000000000000006860903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000062ac39fe406b2022-01-05 09:19:49.961root 11241100x80000000000000006860904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48b80c217424c1e2022-01-05 09:19:49.961root 11241100x80000000000000006860905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b50288cdd0b68e2022-01-05 09:19:49.961root 11241100x80000000000000006860906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f107c794fe03b962022-01-05 09:19:49.961root 11241100x80000000000000006860907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2b7b9028c947882022-01-05 09:19:49.961root 11241100x80000000000000006860908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18241611eba4dfe92022-01-05 09:19:49.961root 11241100x80000000000000006860909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293bfb922c32dd1e2022-01-05 09:19:49.961root 11241100x80000000000000006860910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5354f3e8acb4f1592022-01-05 09:19:49.961root 11241100x80000000000000006860911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfb5c3dc81ba7772022-01-05 09:19:49.962root 11241100x80000000000000006860912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2f0b8b046119e92022-01-05 09:19:49.963root 11241100x80000000000000006860913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2912d193d554d1fc2022-01-05 09:19:50.459root 11241100x80000000000000006860914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f11b99cac58e05e2022-01-05 09:19:50.459root 11241100x80000000000000006860915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad264695b9f53dc2022-01-05 09:19:50.460root 11241100x80000000000000006860916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c067411d324d2cc2022-01-05 09:19:50.460root 11241100x80000000000000006860917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5c0db04ff522672022-01-05 09:19:50.460root 11241100x80000000000000006860918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743f977390e18fef2022-01-05 09:19:50.460root 11241100x80000000000000006860919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb099e26ca1e3c52022-01-05 09:19:50.460root 11241100x80000000000000006860920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2279b822ba3c70d2022-01-05 09:19:50.460root 11241100x80000000000000006860921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad572c7f9a5608d2022-01-05 09:19:50.461root 11241100x80000000000000006860922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90b7805c1652a422022-01-05 09:19:50.461root 11241100x80000000000000006860923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308636847bf5c4f02022-01-05 09:19:50.461root 11241100x80000000000000006860924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d320ec014b39a292022-01-05 09:19:50.461root 11241100x80000000000000006860925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f404591099dfd12022-01-05 09:19:50.461root 11241100x80000000000000006860926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901d1b34645ac1252022-01-05 09:19:50.461root 11241100x80000000000000006860927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b603eb220942e572022-01-05 09:19:50.462root 11241100x80000000000000006860928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349d6a2079b75b772022-01-05 09:19:50.462root 11241100x80000000000000006860929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1b97f9bde2d4bd2022-01-05 09:19:50.462root 11241100x80000000000000006860930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109bcd02500fc3df2022-01-05 09:19:50.462root 11241100x80000000000000006860931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831b8a66bba6eea32022-01-05 09:19:50.462root 11241100x80000000000000006860932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4113e4d9bbdb5f2022-01-05 09:19:50.462root 11241100x80000000000000006860933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712e1ca49949ef2e2022-01-05 09:19:50.463root 11241100x80000000000000006860934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824d5188236b441e2022-01-05 09:19:50.463root 11241100x80000000000000006860935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2291e0871d66385c2022-01-05 09:19:50.463root 11241100x80000000000000006860936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6f7284c5a19cb02022-01-05 09:19:50.463root 11241100x80000000000000006860937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d57d5a3e317d9e2022-01-05 09:19:50.463root 11241100x80000000000000006860938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b1d1b2a87317d42022-01-05 09:19:50.463root 11241100x80000000000000006860939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a8943fc06646d22022-01-05 09:19:50.463root 11241100x80000000000000006860940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f3e309b2771e732022-01-05 09:19:50.463root 11241100x80000000000000006860941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0538e9a4d96027c82022-01-05 09:19:50.463root 11241100x80000000000000006860942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee335f67b1f6d1c2022-01-05 09:19:50.959root 11241100x80000000000000006860943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7459d143bed1d642022-01-05 09:19:50.959root 11241100x80000000000000006860944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f898632e6c5c5492022-01-05 09:19:50.959root 11241100x80000000000000006860945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e501293507af852a2022-01-05 09:19:50.960root 11241100x80000000000000006860946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103abc6fe152a71f2022-01-05 09:19:50.960root 11241100x80000000000000006860947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69877ec0eaf72aa12022-01-05 09:19:50.960root 11241100x80000000000000006860948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a5112b694d4c612022-01-05 09:19:50.960root 11241100x80000000000000006860949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73292d4b9b7441e92022-01-05 09:19:50.960root 11241100x80000000000000006860950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ec75f1804651782022-01-05 09:19:50.960root 11241100x80000000000000006860951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876179dcf69b7fbd2022-01-05 09:19:50.960root 11241100x80000000000000006860952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66bacabd2d0f0092022-01-05 09:19:50.960root 11241100x80000000000000006860953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ee8179fdb56eb32022-01-05 09:19:50.960root 11241100x80000000000000006860954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7282f04a1f1d5312022-01-05 09:19:50.960root 11241100x80000000000000006860955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2ca7b51bcacc412022-01-05 09:19:50.961root 11241100x80000000000000006860956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bea891a59bebb672022-01-05 09:19:50.961root 11241100x80000000000000006860957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39873f4dc9602982022-01-05 09:19:50.961root 11241100x80000000000000006860958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248432a3bdfb2cc32022-01-05 09:19:50.961root 11241100x80000000000000006860959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39987766c632a73c2022-01-05 09:19:50.961root 11241100x80000000000000006860960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39bad386ab6e26d2022-01-05 09:19:50.961root 11241100x80000000000000006860961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852b600ace692b382022-01-05 09:19:50.961root 11241100x80000000000000006860962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07a4eeaefbb77222022-01-05 09:19:50.961root 11241100x80000000000000006860963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791b255e38644b7d2022-01-05 09:19:50.961root 11241100x80000000000000006860964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7671a4e04ea94f9a2022-01-05 09:19:50.961root 11241100x80000000000000006860965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fb99441f26b9402022-01-05 09:19:50.961root 11241100x80000000000000006860966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bd09c250349f4a2022-01-05 09:19:50.962root 11241100x80000000000000006860967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c4a8d29df61e7b2022-01-05 09:19:50.962root 11241100x80000000000000006860968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d17f037449d32b2022-01-05 09:19:50.962root 11241100x80000000000000006860969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d6bbc8866f8e682022-01-05 09:19:50.963root 11241100x80000000000000006860970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ebd071eaa909c62022-01-05 09:19:50.963root 354300x80000000000000006860971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.158{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40684-false10.0.1.12-8000- 11241100x80000000000000006860972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b07dcb947e9f1662022-01-05 09:19:51.459root 11241100x80000000000000006860973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c0c414e095d5f52022-01-05 09:19:51.460root 11241100x80000000000000006860974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4793bec6736922a02022-01-05 09:19:51.460root 11241100x80000000000000006860975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13608f19be7b5af2022-01-05 09:19:51.460root 11241100x80000000000000006860976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8628894aaeeebbc2022-01-05 09:19:51.460root 11241100x80000000000000006860977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcc1750f44f61542022-01-05 09:19:51.460root 11241100x80000000000000006860978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f50fd310a2fbcb2022-01-05 09:19:51.460root 11241100x80000000000000006860979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589496275c1820e82022-01-05 09:19:51.460root 11241100x80000000000000006860980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af516dada6943ba12022-01-05 09:19:51.460root 11241100x80000000000000006860981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70661ff06f00b2a02022-01-05 09:19:51.460root 11241100x80000000000000006860982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba7974d94742c4d2022-01-05 09:19:51.460root 11241100x80000000000000006860983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c716292868adbd5c2022-01-05 09:19:51.460root 11241100x80000000000000006860984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d5d54e186f248b2022-01-05 09:19:51.460root 11241100x80000000000000006860985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddc7254e8c888c72022-01-05 09:19:51.461root 11241100x80000000000000006860986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e303707f7aa32e2022-01-05 09:19:51.461root 11241100x80000000000000006860987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241a5152d1c64f792022-01-05 09:19:51.461root 11241100x80000000000000006860988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bdcbd6cd126a192022-01-05 09:19:51.461root 11241100x80000000000000006860989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b142b51ba52d6502022-01-05 09:19:51.461root 11241100x80000000000000006860990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6497843bccda482022-01-05 09:19:51.461root 11241100x80000000000000006860991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660bf84f46a74bb42022-01-05 09:19:51.461root 11241100x80000000000000006860992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fbd7a298e94def2022-01-05 09:19:51.461root 11241100x80000000000000006860993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb9334d122c338f2022-01-05 09:19:51.461root 11241100x80000000000000006860994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bd38be82a03a1a2022-01-05 09:19:51.461root 11241100x80000000000000006860995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524ae0c4d95f69362022-01-05 09:19:51.461root 11241100x80000000000000006860996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bab9319e9876372022-01-05 09:19:51.462root 11241100x80000000000000006860997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2463c609716f2b52022-01-05 09:19:51.462root 354300x80000000000000006861026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:02.205{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40688-false10.0.1.12-8000- 23542300x80000000000000006861027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:02.403{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006861028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:02.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02375327510005bb2022-01-05 09:20:02.459root 11241100x80000000000000006861029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:02.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eaedd998ee735a92022-01-05 09:20:02.459root 11241100x80000000000000006861030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:02.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c304759e20baa1212022-01-05 09:20:02.959root 11241100x80000000000000006861031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:02.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a045bc23e6c456f42022-01-05 09:20:02.959root 11241100x80000000000000006861032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:03.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a0d700f59e90c62022-01-05 09:20:03.459root 11241100x80000000000000006861033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:03.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387395cb73653abe2022-01-05 09:20:03.459root 11241100x80000000000000006861034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:03.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29fa106815e8dd62022-01-05 09:20:03.959root 11241100x80000000000000006861035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:03.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e317cbfd7f17a832022-01-05 09:20:03.959root 11241100x80000000000000006861036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:04.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd8fa22db7ff9bb2022-01-05 09:20:04.459root 11241100x80000000000000006861037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:04.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e57b757e2fbb2662022-01-05 09:20:04.459root 11241100x80000000000000006861038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:04.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be25512417f42be2022-01-05 09:20:04.959root 11241100x80000000000000006861039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:04.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fc849e84f8f08d2022-01-05 09:20:04.959root 11241100x80000000000000006861040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31124f59eac236f92022-01-05 09:20:05.459root 11241100x80000000000000006861041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec523f668fe6fa32022-01-05 09:20:05.459root 154100x80000000000000006861042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:05.794{ec2e79f3-62c5-61d5-6804-2b064c560000}22922/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 11241100x80000000000000006861043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:05.795{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80932304a0530ef2022-01-05 09:20:05.795root 11241100x80000000000000006861044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:05.795{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9744dce85ba6b32022-01-05 09:20:05.795root 534500x80000000000000006861045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:05.819{ec2e79f3-62c5-61d5-6804-2b064c560000}22922/bin/psroot 11241100x80000000000000006861046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:06.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41effd2911d60e62022-01-05 09:20:06.209root 11241100x80000000000000006861047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:06.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8af1694b0d2e6e42022-01-05 09:20:06.209root 11241100x80000000000000006861048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:06.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7a7e4b72e18b182022-01-05 09:20:06.209root 11241100x80000000000000006861049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:06.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152a977eaba961622022-01-05 09:20:06.209root 11241100x80000000000000006861050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:06.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726046ebc846b61a2022-01-05 09:20:06.709root 11241100x80000000000000006861051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:06.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabc6a38893517cd2022-01-05 09:20:06.709root 11241100x80000000000000006861052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:06.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b390465184c7eca92022-01-05 09:20:06.709root 11241100x80000000000000006861053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:06.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49d686fa86b81cc2022-01-05 09:20:06.709root 11241100x80000000000000006861054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc4cce4083b5a362022-01-05 09:20:07.209root 11241100x80000000000000006861055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0b1db8818e4ecd2022-01-05 09:20:07.209root 11241100x80000000000000006861056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3505887473135f8a2022-01-05 09:20:07.209root 11241100x80000000000000006861057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f3180cc9b46b102022-01-05 09:20:07.209root 11241100x80000000000000006861058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420d6eafbae578ca2022-01-05 09:20:07.709root 11241100x80000000000000006861059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca9704577168b6a2022-01-05 09:20:07.709root 11241100x80000000000000006861060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fa834eb70905122022-01-05 09:20:07.709root 11241100x80000000000000006861061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb9ac0cfa1f3aab2022-01-05 09:20:07.709root 354300x80000000000000006861062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.008{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40690-false10.0.1.12-8000- 11241100x80000000000000006861063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.008{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55e370f24d240f82022-01-05 09:20:08.008root 11241100x80000000000000006861064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.009{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08f47c4489b029b2022-01-05 09:20:08.009root 11241100x80000000000000006861065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.009{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657eb6f3f52f38362022-01-05 09:20:08.009root 11241100x80000000000000006861066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.009{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a644203cd313d9f82022-01-05 09:20:08.009root 11241100x80000000000000006861067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.009{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04eb901e2729f862022-01-05 09:20:08.009root 11241100x80000000000000006861068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93310205c620b2252022-01-05 09:20:08.459root 11241100x80000000000000006861069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4b3d6096c5d2542022-01-05 09:20:08.459root 11241100x80000000000000006861070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d168418352dacc2022-01-05 09:20:08.459root 11241100x80000000000000006861071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75441dcbe70d35082022-01-05 09:20:08.459root 11241100x80000000000000006861072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1c9f791344562f2022-01-05 09:20:08.459root 11241100x80000000000000006861073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b259feaee273b1762022-01-05 09:20:08.959root 11241100x80000000000000006861074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34bbde515b5639912022-01-05 09:20:08.959root 11241100x80000000000000006861075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5f2b7638364a9b2022-01-05 09:20:08.959root 11241100x80000000000000006861076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716578f19644cbc82022-01-05 09:20:08.959root 11241100x80000000000000006861077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c750ce5b065ab272022-01-05 09:20:08.959root 11241100x80000000000000006861078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c49c60d04024ea2022-01-05 09:20:09.459root 11241100x80000000000000006861079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af3637eb03bb0d32022-01-05 09:20:09.459root 11241100x80000000000000006861080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040c3ffbccfaa10b2022-01-05 09:20:09.459root 11241100x80000000000000006861081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99a942bdad983fa2022-01-05 09:20:09.459root 11241100x80000000000000006861082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bee06420fe53102022-01-05 09:20:09.459root 11241100x80000000000000006861083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bbe7d9bbe9c6c12022-01-05 09:20:09.959root 11241100x80000000000000006861084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73102b4b6fd37c3b2022-01-05 09:20:09.959root 11241100x80000000000000006861085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f338aacb21455bd2022-01-05 09:20:09.959root 11241100x80000000000000006861086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27c75cf94ad1a2b2022-01-05 09:20:09.959root 11241100x80000000000000006861087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6776bb6c487c3ba2022-01-05 09:20:09.960root 11241100x80000000000000006861088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b92be7792f158692022-01-05 09:20:10.459root 11241100x80000000000000006861089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90585dde1b143d002022-01-05 09:20:10.459root 11241100x80000000000000006861090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2237425a6789656d2022-01-05 09:20:10.459root 11241100x80000000000000006861091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b42f286365346e2022-01-05 09:20:10.459root 11241100x80000000000000006861092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c83c6cffd6124022022-01-05 09:20:10.460root 11241100x80000000000000006861093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a133929242c05ab2022-01-05 09:20:10.959root 11241100x80000000000000006861094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcb78afca4bd37d2022-01-05 09:20:10.959root 11241100x80000000000000006861095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502ef3957013e0552022-01-05 09:20:10.959root 11241100x80000000000000006861096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1710c650b81cd37c2022-01-05 09:20:10.959root 11241100x80000000000000006861097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8d6bc93adee5102022-01-05 09:20:10.959root 11241100x80000000000000006861098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d75cc0c0b8cf4f2022-01-05 09:20:11.459root 11241100x80000000000000006861099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc731cb65cbaf2e2022-01-05 09:20:11.459root 11241100x80000000000000006861100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3c022ca1b2a2802022-01-05 09:20:11.459root 11241100x80000000000000006861101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dc8c2fba7fff222022-01-05 09:20:11.459root 11241100x80000000000000006861102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5a488d0e2ca8fb2022-01-05 09:20:11.459root 11241100x80000000000000006861103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99884d10909535152022-01-05 09:20:11.959root 11241100x80000000000000006861104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48d1a3f00a9b2422022-01-05 09:20:11.959root 11241100x80000000000000006861105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7837c33a8d23a32022-01-05 09:20:11.959root 11241100x80000000000000006861106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7372074b8b8687b02022-01-05 09:20:11.959root 11241100x80000000000000006861107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578858da2516d33b2022-01-05 09:20:11.960root 11241100x80000000000000006861108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae096150804bcca2022-01-05 09:20:12.459root 11241100x80000000000000006861109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999284e5051ffebd2022-01-05 09:20:12.459root 11241100x80000000000000006861110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff1d34b45a45a1d2022-01-05 09:20:12.459root 11241100x80000000000000006861111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c99d044e188bb52022-01-05 09:20:12.459root 11241100x80000000000000006861112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410c7e2c3bb7c0332022-01-05 09:20:12.459root 11241100x80000000000000006861113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52525d25ded67cf32022-01-05 09:20:12.959root 11241100x80000000000000006861114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84ce900258ad7972022-01-05 09:20:12.959root 11241100x80000000000000006861115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedc70e7370bc2a42022-01-05 09:20:12.959root 11241100x80000000000000006861116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7225461ca355e62022-01-05 09:20:12.959root 11241100x80000000000000006861117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b997c674d34fd05b2022-01-05 09:20:12.959root 354300x80000000000000006861118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.177{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40692-false10.0.1.12-8000- 11241100x80000000000000006861119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dc2e0922113bc22022-01-05 09:20:13.459root 11241100x80000000000000006861120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f5bf7a299f66f22022-01-05 09:20:13.459root 11241100x80000000000000006861121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eddf32d8f38ce532022-01-05 09:20:13.459root 11241100x80000000000000006861122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14b4f868e25677f2022-01-05 09:20:13.459root 11241100x80000000000000006861123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f00d1e9707216bd2022-01-05 09:20:13.460root 11241100x80000000000000006861124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d79b34ffabe34db2022-01-05 09:20:13.460root 11241100x80000000000000006861125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c70a729dbd2ed0f2022-01-05 09:20:13.959root 11241100x80000000000000006861126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87278e0568f8705f2022-01-05 09:20:13.959root 11241100x80000000000000006861127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e634bfd054852f0e2022-01-05 09:20:13.959root 11241100x80000000000000006861128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b157e1f65b8166b02022-01-05 09:20:13.960root 11241100x80000000000000006861129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d751c0bd99869d32022-01-05 09:20:13.960root 11241100x80000000000000006861130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d020623b804a172022-01-05 09:20:13.960root 534500x80000000000000006861131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.985{ec2e79f3-af45-61d2-c81a-c448f1550000}466/lib/systemd/systemd-journaldroot 11241100x80000000000000006861132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6301badc89362c712022-01-05 09:20:14.459root 11241100x80000000000000006861133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1542c9f3838bf92022-01-05 09:20:14.459root 11241100x80000000000000006861134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666b91791dc0ea762022-01-05 09:20:14.459root 11241100x80000000000000006861135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e97d10913d82022022-01-05 09:20:14.459root 11241100x80000000000000006861136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6c764b3c72a70c2022-01-05 09:20:14.459root 11241100x80000000000000006861137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19df25a986da99742022-01-05 09:20:14.459root 11241100x80000000000000006861138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e82f05fe3bb0462022-01-05 09:20:14.460root 11241100x80000000000000006861139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c56e6b9151c9fb2022-01-05 09:20:14.959root 11241100x80000000000000006861140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd19758796e0b39d2022-01-05 09:20:14.959root 11241100x80000000000000006861141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f47146d65343782022-01-05 09:20:14.959root 11241100x80000000000000006861142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a617497e32a1442022-01-05 09:20:14.959root 11241100x80000000000000006861143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a0acba08af13fb2022-01-05 09:20:14.959root 11241100x80000000000000006861144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456f4ae7ba1a20342022-01-05 09:20:14.959root 11241100x80000000000000006861145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80c03f0d55b989e2022-01-05 09:20:14.960root 11241100x80000000000000006861146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4004c8b60e0385fc2022-01-05 09:20:15.459root 11241100x80000000000000006861147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c25858283649332022-01-05 09:20:15.459root 11241100x80000000000000006861148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc132c2ee9b98852022-01-05 09:20:15.459root 11241100x80000000000000006861149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752e08b410aa43c02022-01-05 09:20:15.459root 11241100x80000000000000006861150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a8245c31f3f6202022-01-05 09:20:15.459root 11241100x80000000000000006861151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c417602def08af952022-01-05 09:20:15.459root 11241100x80000000000000006861152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c61100830f370d2022-01-05 09:20:15.460root 11241100x80000000000000006861153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d56777ac5951942022-01-05 09:20:15.959root 11241100x80000000000000006861154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c82ec76b458aa522022-01-05 09:20:15.959root 11241100x80000000000000006861155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f3f7f43416293b2022-01-05 09:20:15.959root 11241100x80000000000000006861156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259f3fe444ee78df2022-01-05 09:20:15.960root 11241100x80000000000000006861157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892f565765488efa2022-01-05 09:20:15.960root 11241100x80000000000000006861158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c3aaac3cf044a82022-01-05 09:20:15.960root 11241100x80000000000000006861159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52e86911eff79e42022-01-05 09:20:15.960root 11241100x80000000000000006861160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9663a369979dbf7f2022-01-05 09:20:16.459root 11241100x80000000000000006861161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca53a76b4f5c460e2022-01-05 09:20:16.459root 11241100x80000000000000006861162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca1168eb10794182022-01-05 09:20:16.459root 11241100x80000000000000006861163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37570a37db7bc29a2022-01-05 09:20:16.459root 11241100x80000000000000006861164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4ba81a85253ce32022-01-05 09:20:16.459root 11241100x80000000000000006861165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8498260bcbb220332022-01-05 09:20:16.459root 11241100x80000000000000006861166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3808c3d0bb5eb15a2022-01-05 09:20:16.460root 11241100x80000000000000006861167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f18583bc77a2a02022-01-05 09:20:16.959root 11241100x80000000000000006861168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f8d44042f65bbb2022-01-05 09:20:16.959root 11241100x80000000000000006861169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20e19b26a3a73552022-01-05 09:20:16.959root 11241100x80000000000000006861170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411e8065a326e1532022-01-05 09:20:16.959root 11241100x80000000000000006861171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5485ebb85ed231a02022-01-05 09:20:16.959root 11241100x80000000000000006861172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b43d0772b3e7712022-01-05 09:20:16.960root 11241100x80000000000000006861173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37cdad1c32598ea2022-01-05 09:20:16.960root 11241100x80000000000000006861174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d90594a7056fbac2022-01-05 09:20:17.459root 11241100x80000000000000006861175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f87241a1f4a9dc2022-01-05 09:20:17.459root 11241100x80000000000000006861176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f117f8844e7ff49f2022-01-05 09:20:17.459root 11241100x80000000000000006861177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18130c580c1e9c82022-01-05 09:20:17.459root 11241100x80000000000000006861178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85506c57e7c826b52022-01-05 09:20:17.459root 11241100x80000000000000006861179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5ba3b38b4cb8d22022-01-05 09:20:17.459root 11241100x80000000000000006861180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c30dd4262759deb2022-01-05 09:20:17.460root 11241100x80000000000000006861181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e235fe054c59258b2022-01-05 09:20:17.959root 11241100x80000000000000006861182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24d7c8b5faa87412022-01-05 09:20:17.959root 11241100x80000000000000006861183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5322181954e4cd2022-01-05 09:20:17.959root 11241100x80000000000000006861184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b37b440c7780ec2022-01-05 09:20:17.959root 11241100x80000000000000006861185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4187f768bcbdda72022-01-05 09:20:17.960root 11241100x80000000000000006861186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0646a178c4c6b0d2022-01-05 09:20:17.960root 11241100x80000000000000006861187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75bc71fe411ca1d2022-01-05 09:20:17.960root 354300x80000000000000006861188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.200{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40694-false10.0.1.12-8000- 11241100x80000000000000006861189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d1aaf6ae04fa0f2022-01-05 09:20:18.459root 11241100x80000000000000006861190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c4ccf7d5aee89d2022-01-05 09:20:18.459root 11241100x80000000000000006861191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c71b8819ce324b82022-01-05 09:20:18.460root 11241100x80000000000000006861192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6dfdd04e5a7499f2022-01-05 09:20:18.460root 11241100x80000000000000006861193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736a8326f13831622022-01-05 09:20:18.460root 11241100x80000000000000006861194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7bea3ee81a2c632022-01-05 09:20:18.460root 11241100x80000000000000006861195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9898b470ad51cfb2022-01-05 09:20:18.460root 11241100x80000000000000006861196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbeefe99b2a2a7a2022-01-05 09:20:18.460root 11241100x80000000000000006861197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4352599bd22d87972022-01-05 09:20:18.959root 11241100x80000000000000006861198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad227607707c1afb2022-01-05 09:20:18.959root 11241100x80000000000000006861199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f67eef53baa5d82022-01-05 09:20:18.960root 11241100x80000000000000006861200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a5b7bfeb325b712022-01-05 09:20:18.960root 11241100x80000000000000006861201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c90e904a703babc2022-01-05 09:20:18.960root 11241100x80000000000000006861202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f17b5736f9ffa1e2022-01-05 09:20:18.960root 11241100x80000000000000006861203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021b38567c70bd682022-01-05 09:20:18.960root 11241100x80000000000000006861204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2364d92f1c641e2022-01-05 09:20:18.961root 11241100x80000000000000006861205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7402e645e474152022-01-05 09:20:19.459root 11241100x80000000000000006861206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621d593ce593ee742022-01-05 09:20:19.459root 11241100x80000000000000006861207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c8effe42a70f002022-01-05 09:20:19.459root 11241100x80000000000000006861208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c09461b38a54eb2022-01-05 09:20:19.459root 11241100x80000000000000006861209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d20a43ff7ee57202022-01-05 09:20:19.460root 11241100x80000000000000006861210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835b2fa096da71f52022-01-05 09:20:19.460root 11241100x80000000000000006861211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2940b0f15876090c2022-01-05 09:20:19.460root 11241100x80000000000000006861212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4ca056dacf08022022-01-05 09:20:19.460root 11241100x80000000000000006861213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26118ed7d71e6c532022-01-05 09:20:19.959root 11241100x80000000000000006861214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2886e8b82469502022-01-05 09:20:19.959root 11241100x80000000000000006861215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf1a3be6f68fe402022-01-05 09:20:19.960root 11241100x80000000000000006861216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c553c43a57dcd0432022-01-05 09:20:19.960root 11241100x80000000000000006861217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d311d2cbb114532022-01-05 09:20:19.960root 11241100x80000000000000006861218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccf60da0ee51aca2022-01-05 09:20:19.960root 11241100x80000000000000006861219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbc09cefd14d9322022-01-05 09:20:19.960root 11241100x80000000000000006861220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbb1ccc9dc9f7a52022-01-05 09:20:19.960root 11241100x80000000000000006861221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18eaca10a2e7eb342022-01-05 09:20:20.459root 11241100x80000000000000006861222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95df4575f8a7c5b62022-01-05 09:20:20.459root 11241100x80000000000000006861223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a95c5499768c26f2022-01-05 09:20:20.459root 11241100x80000000000000006861224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d4b3ec5308845d2022-01-05 09:20:20.459root 11241100x80000000000000006861225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecf59f607ea30c32022-01-05 09:20:20.460root 11241100x80000000000000006861226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebb7a758fd323192022-01-05 09:20:20.460root 11241100x80000000000000006861227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37bde3b326da14a2022-01-05 09:20:20.460root 11241100x80000000000000006861228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e3f2f352cc1d4a2022-01-05 09:20:20.460root 11241100x80000000000000006861229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92407e063fa3f5e32022-01-05 09:20:20.959root 11241100x80000000000000006861230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d8ba2322069ad52022-01-05 09:20:20.959root 11241100x80000000000000006861231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f294e5c827aba27d2022-01-05 09:20:20.960root 11241100x80000000000000006861232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28a16e954d8c8322022-01-05 09:20:20.960root 11241100x80000000000000006861233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9023ec1b69a3086b2022-01-05 09:20:20.960root 11241100x80000000000000006861234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bad8c7b2e95ee62022-01-05 09:20:20.960root 11241100x80000000000000006861235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb99f05aacc55bf2022-01-05 09:20:20.960root 11241100x80000000000000006861236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a50888cce83c472022-01-05 09:20:20.960root 11241100x80000000000000006861237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777bad539a64e67f2022-01-05 09:20:21.459root 11241100x80000000000000006861238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfb072c13af79be2022-01-05 09:20:21.459root 11241100x80000000000000006861239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff78f63e7464a6292022-01-05 09:20:21.459root 11241100x80000000000000006861240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9a6f85ff98d3582022-01-05 09:20:21.459root 11241100x80000000000000006861241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4df921644eebaf82022-01-05 09:20:21.460root 11241100x80000000000000006861242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b000d7dc74f8dbe62022-01-05 09:20:21.460root 11241100x80000000000000006861243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b524b5b0667f0372022-01-05 09:20:21.460root 11241100x80000000000000006861244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c538bbff98bcff1a2022-01-05 09:20:21.460root 11241100x80000000000000006861245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9543207e90d6b5d52022-01-05 09:20:21.959root 11241100x80000000000000006861246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5a0bb0e078af042022-01-05 09:20:21.959root 11241100x80000000000000006861247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee0c8064e5a69f42022-01-05 09:20:21.959root 11241100x80000000000000006861248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10eeda6ba47fbb3a2022-01-05 09:20:21.959root 11241100x80000000000000006861249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408d7d60e18f5dfe2022-01-05 09:20:21.960root 11241100x80000000000000006861250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ffda0c6ec25f202022-01-05 09:20:21.960root 11241100x80000000000000006861251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98ba34e9fcfa1aa2022-01-05 09:20:21.960root 11241100x80000000000000006861252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02fa16cbeb23cdc2022-01-05 09:20:21.960root 11241100x80000000000000006861253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43fe25743cc7a842022-01-05 09:20:22.459root 11241100x80000000000000006861254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4711afe37e6e5d72022-01-05 09:20:22.460root 11241100x80000000000000006861255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a125bce9f5f2b4fd2022-01-05 09:20:22.460root 11241100x80000000000000006861256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39465db8ea826132022-01-05 09:20:22.460root 11241100x80000000000000006861257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaf8f3deee7ff432022-01-05 09:20:22.460root 11241100x80000000000000006861258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b0d8e5b91128882022-01-05 09:20:22.460root 11241100x80000000000000006861259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddf77e5e74d735f2022-01-05 09:20:22.460root 11241100x80000000000000006861260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64425e99ab631ef2022-01-05 09:20:22.460root 11241100x80000000000000006861261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55aaa6d9992216d2022-01-05 09:20:22.959root 11241100x80000000000000006861262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d2b571e2fe29832022-01-05 09:20:22.959root 11241100x80000000000000006861263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d756e7a3fe44ac92022-01-05 09:20:22.959root 11241100x80000000000000006861264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57819bea99bf00ac2022-01-05 09:20:22.959root 11241100x80000000000000006861265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1ea107012dcae62022-01-05 09:20:22.960root 11241100x80000000000000006861266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9d27a1536750842022-01-05 09:20:22.960root 11241100x80000000000000006861267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8069afd6ce10572022-01-05 09:20:22.960root 11241100x80000000000000006861268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071dd38aae2233952022-01-05 09:20:22.960root 11241100x80000000000000006861269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f1d5fe964b13542022-01-05 09:20:23.459root 11241100x80000000000000006861270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405fd91057c2e7b42022-01-05 09:20:23.459root 11241100x80000000000000006861271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb852263087d2e12022-01-05 09:20:23.459root 11241100x80000000000000006861272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6326b6c1520c95c2022-01-05 09:20:23.459root 11241100x80000000000000006861273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006dc471e4c35fca2022-01-05 09:20:23.460root 11241100x80000000000000006861274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ea44971121eaa42022-01-05 09:20:23.460root 11241100x80000000000000006861275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2ebee3dd55e5df2022-01-05 09:20:23.460root 11241100x80000000000000006861276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78048da376c283782022-01-05 09:20:23.460root 11241100x80000000000000006861277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc52470d413474f2022-01-05 09:20:23.959root 11241100x80000000000000006861278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3758f8071684812022-01-05 09:20:23.959root 11241100x80000000000000006861279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56aa6adb5f1000a22022-01-05 09:20:23.959root 11241100x80000000000000006861280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb18631796ee34bd2022-01-05 09:20:23.959root 11241100x80000000000000006861281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2791e72551af597b2022-01-05 09:20:23.960root 11241100x80000000000000006861282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f264e4389245803a2022-01-05 09:20:23.960root 11241100x80000000000000006861283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e58bae0f4d10d692022-01-05 09:20:23.960root 11241100x80000000000000006861284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c57f14aa80a45832022-01-05 09:20:23.960root 354300x80000000000000006861285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.009{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40696-false10.0.1.12-8000- 11241100x80000000000000006861286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b868eea60bc180f72022-01-05 09:20:24.459root 11241100x80000000000000006861287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003320d8ecf534d52022-01-05 09:20:24.459root 11241100x80000000000000006861288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071a25eb9eacd0fb2022-01-05 09:20:24.459root 11241100x80000000000000006861289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2dd5467dab44892022-01-05 09:20:24.459root 11241100x80000000000000006861290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb62335b906fe4832022-01-05 09:20:24.459root 11241100x80000000000000006861291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888ca5fdd94c407b2022-01-05 09:20:24.460root 11241100x80000000000000006861292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79964890de4d64e2022-01-05 09:20:24.460root 11241100x80000000000000006861293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1267a3c3855e3c282022-01-05 09:20:24.460root 11241100x80000000000000006861294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c1c567eef784052022-01-05 09:20:24.460root 11241100x80000000000000006861295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24add107f137df222022-01-05 09:20:24.959root 11241100x80000000000000006861296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27707c32f088c6ac2022-01-05 09:20:24.959root 11241100x80000000000000006861297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cd02586990c4542022-01-05 09:20:24.959root 11241100x80000000000000006861298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf529144e42daa422022-01-05 09:20:24.960root 11241100x80000000000000006861299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43970750b1b54f02022-01-05 09:20:24.960root 11241100x80000000000000006861300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcd5b012d1f7b8b2022-01-05 09:20:24.960root 11241100x80000000000000006861301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e719dca1b87387782022-01-05 09:20:24.960root 11241100x80000000000000006861302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d527f162b7ce9a2022-01-05 09:20:24.960root 11241100x80000000000000006861303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a219d355f49f8c572022-01-05 09:20:24.960root 11241100x80000000000000006861304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf53a113a1ef33d2022-01-05 09:20:25.459root 11241100x80000000000000006861305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9969833005a0b9eb2022-01-05 09:20:25.459root 11241100x80000000000000006861306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7c684e331a8efb2022-01-05 09:20:25.459root 11241100x80000000000000006861307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50747a45b52a5a302022-01-05 09:20:25.459root 11241100x80000000000000006861308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0501df2195a62e12022-01-05 09:20:25.460root 11241100x80000000000000006861309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8083223ca7a3f6cf2022-01-05 09:20:25.460root 11241100x80000000000000006861310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e0b6c35d58a9bd2022-01-05 09:20:25.460root 11241100x80000000000000006861311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75d1f1ef35a58f82022-01-05 09:20:25.460root 11241100x80000000000000006861312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f1a69058c1b1a32022-01-05 09:20:25.460root 11241100x80000000000000006861313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fed13f2f1cc2a52022-01-05 09:20:25.959root 11241100x80000000000000006861314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393dff69a698373b2022-01-05 09:20:25.960root 11241100x80000000000000006861315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e361afa3df0226082022-01-05 09:20:25.960root 11241100x80000000000000006861316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9644dd1b43a66a62022-01-05 09:20:25.960root 11241100x80000000000000006861317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66ff2388941153c2022-01-05 09:20:25.960root 11241100x80000000000000006861318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4970d233b2c064a2022-01-05 09:20:25.960root 11241100x80000000000000006861319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7df8e0b4177b3642022-01-05 09:20:25.960root 11241100x80000000000000006861320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67c8c40d080cfee2022-01-05 09:20:25.960root 11241100x80000000000000006861321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb79a8fb9d0acac2022-01-05 09:20:25.960root 11241100x80000000000000006861322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00b087aacd5cf722022-01-05 09:20:26.459root 11241100x80000000000000006861323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400bdf1c6a6716dd2022-01-05 09:20:26.459root 11241100x80000000000000006861324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b9ed0fa9544cfd2022-01-05 09:20:26.459root 11241100x80000000000000006861325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6e90d21e7550d52022-01-05 09:20:26.459root 11241100x80000000000000006861326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb85c7e0fe297912022-01-05 09:20:26.460root 11241100x80000000000000006861327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1878a2b91c08e2292022-01-05 09:20:26.460root 11241100x80000000000000006861328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0e56230cf7ae532022-01-05 09:20:26.460root 11241100x80000000000000006861329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27631756af679b6f2022-01-05 09:20:26.460root 11241100x80000000000000006861330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932f2825c49376282022-01-05 09:20:26.460root 11241100x80000000000000006861331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbf7334d00feca52022-01-05 09:20:26.959root 11241100x80000000000000006861332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e510a163e33f33b2022-01-05 09:20:26.959root 11241100x80000000000000006861333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1077ca0c92a9982022-01-05 09:20:26.959root 11241100x80000000000000006861334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa4cd8bc8f7569d2022-01-05 09:20:26.959root 11241100x80000000000000006861335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65e33301920b5192022-01-05 09:20:26.959root 11241100x80000000000000006861336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd2a9c100c5a7e32022-01-05 09:20:26.960root 11241100x80000000000000006861337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03e9a618abc2dc82022-01-05 09:20:26.960root 11241100x80000000000000006861338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1b3ed2ae88beb32022-01-05 09:20:26.960root 11241100x80000000000000006861339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1408696c240103d72022-01-05 09:20:26.960root 11241100x80000000000000006861340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384eb6af9644536b2022-01-05 09:20:27.459root 11241100x80000000000000006861341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1edb90749451b92022-01-05 09:20:27.459root 11241100x80000000000000006861342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2f63f8d46159ae2022-01-05 09:20:27.459root 11241100x80000000000000006861343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da46db253a740e752022-01-05 09:20:27.459root 11241100x80000000000000006861344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0565d141c577bfb12022-01-05 09:20:27.459root 11241100x80000000000000006861345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f1f1c3e1aac7492022-01-05 09:20:27.460root 11241100x80000000000000006861346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a199557968887f2022-01-05 09:20:27.460root 11241100x80000000000000006861347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c218c1d5590573a42022-01-05 09:20:27.460root 11241100x80000000000000006861348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76df188900753e12022-01-05 09:20:27.460root 11241100x80000000000000006861349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b228837ec749904b2022-01-05 09:20:27.959root 11241100x80000000000000006861350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d86e435cffd5f502022-01-05 09:20:27.959root 11241100x80000000000000006861351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae0a12da59efefa2022-01-05 09:20:27.959root 11241100x80000000000000006861352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f437be34f0c51b92022-01-05 09:20:27.959root 11241100x80000000000000006861353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745198f379bad7a52022-01-05 09:20:27.959root 11241100x80000000000000006861354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7d30dd9514f8972022-01-05 09:20:27.960root 11241100x80000000000000006861355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dafa220f0260a612022-01-05 09:20:27.960root 11241100x80000000000000006861356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe900ef4e6ca4812022-01-05 09:20:27.960root 11241100x80000000000000006861357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8320fead8acea42022-01-05 09:20:27.960root 11241100x80000000000000006861358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67164a5b5a406fb62022-01-05 09:20:28.459root 11241100x80000000000000006861359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e601f4dda6a10a722022-01-05 09:20:28.459root 11241100x80000000000000006861360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431689f4632b14f02022-01-05 09:20:28.460root 11241100x80000000000000006861361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b9ad1eb0000ba42022-01-05 09:20:28.460root 11241100x80000000000000006861362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2ff32b6005780f2022-01-05 09:20:28.460root 11241100x80000000000000006861363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6994bb3834836f592022-01-05 09:20:28.460root 11241100x80000000000000006861364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e3b6a3db913afd2022-01-05 09:20:28.460root 11241100x80000000000000006861365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85145ff4cebbae7a2022-01-05 09:20:28.460root 11241100x80000000000000006861366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871f788674a5b5652022-01-05 09:20:28.460root 11241100x80000000000000006861367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a62d26d6f9c7caa2022-01-05 09:20:28.959root 11241100x80000000000000006861368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c2560072024b492022-01-05 09:20:28.959root 11241100x80000000000000006861369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9796bf43da177402022-01-05 09:20:28.959root 11241100x80000000000000006861370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b6ea21926994042022-01-05 09:20:28.959root 11241100x80000000000000006861371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee18e4dfa0d513ef2022-01-05 09:20:28.959root 11241100x80000000000000006861372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17199c6d67cd9da42022-01-05 09:20:28.960root 11241100x80000000000000006861373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3857ffbbf9227ee2022-01-05 09:20:28.960root 11241100x80000000000000006861374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866edadefef5a6622022-01-05 09:20:28.960root 11241100x80000000000000006861375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed8542175edbc9c2022-01-05 09:20:28.960root 354300x80000000000000006861376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.163{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40698-false10.0.1.12-8000- 11241100x80000000000000006861377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.402{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 09:20:29.402root 11241100x80000000000000006861378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c51427b143d0ec2022-01-05 09:20:29.404root 11241100x80000000000000006861379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17533455848bb722022-01-05 09:20:29.404root 11241100x80000000000000006861380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b518fba2b94161ff2022-01-05 09:20:29.404root 11241100x80000000000000006861381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb898af6ce88c302022-01-05 09:20:29.404root 11241100x80000000000000006861382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9bf17f01e6d1ef2022-01-05 09:20:29.404root 11241100x80000000000000006861383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bc517cc5c5c4f42022-01-05 09:20:29.404root 11241100x80000000000000006861384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9ad089eac1d1ce2022-01-05 09:20:29.404root 11241100x80000000000000006861385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac263ab2b0107b422022-01-05 09:20:29.404root 11241100x80000000000000006861386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92db257369533f5c2022-01-05 09:20:29.404root 11241100x80000000000000006861387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b84f6979ac889692022-01-05 09:20:29.405root 11241100x80000000000000006861388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63baa705d487f3c32022-01-05 09:20:29.405root 11241100x80000000000000006861389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00ea25f1eb262c62022-01-05 09:20:29.709root 11241100x80000000000000006861390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06304be50a4451c2022-01-05 09:20:29.710root 11241100x80000000000000006861391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a8eb22933d80fb2022-01-05 09:20:29.710root 11241100x80000000000000006861392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47981a2dcb9a99222022-01-05 09:20:29.710root 11241100x80000000000000006861393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8659fa0ee19c2e942022-01-05 09:20:29.710root 11241100x80000000000000006861394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f2c8546d9c50062022-01-05 09:20:29.710root 11241100x80000000000000006861395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c23502bdebdda802022-01-05 09:20:29.710root 11241100x80000000000000006861396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbe1d47c3c3e00c2022-01-05 09:20:29.710root 11241100x80000000000000006861397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f444c390f166bd202022-01-05 09:20:29.710root 11241100x80000000000000006861398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8763d30d760e16da2022-01-05 09:20:29.710root 11241100x80000000000000006861399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8232936c56ef288a2022-01-05 09:20:29.710root 11241100x80000000000000006861400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd111a8daea4fb82022-01-05 09:20:30.209root 11241100x80000000000000006861401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d3c63010015fa82022-01-05 09:20:30.209root 11241100x80000000000000006861402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5638fd0b994f712022-01-05 09:20:30.209root 11241100x80000000000000006861403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e7f8ea2a93afd82022-01-05 09:20:30.210root 11241100x80000000000000006861404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d4087fb24095602022-01-05 09:20:30.210root 11241100x80000000000000006861405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d49f8e2401bee42022-01-05 09:20:30.210root 11241100x80000000000000006861406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372f06fde73da9a72022-01-05 09:20:30.210root 11241100x80000000000000006861407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3dc0a458bd7fba32022-01-05 09:20:30.210root 11241100x80000000000000006861408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0131db637ab2c62022-01-05 09:20:30.210root 11241100x80000000000000006861409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898a195e11dd79c02022-01-05 09:20:30.210root 11241100x80000000000000006861410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7536d168d1fb95b2022-01-05 09:20:30.210root 11241100x80000000000000006861411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91ab23f823d4a1f2022-01-05 09:20:30.709root 11241100x80000000000000006861412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ea401d8aff52922022-01-05 09:20:30.709root 11241100x80000000000000006861413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1285bc7833423a9b2022-01-05 09:20:30.709root 11241100x80000000000000006861414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecbf0cfa0c93a3e2022-01-05 09:20:30.710root 11241100x80000000000000006861415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bec1fed071f4a32022-01-05 09:20:30.710root 11241100x80000000000000006861416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c6021a79c5f9c42022-01-05 09:20:30.710root 11241100x80000000000000006861417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e3bd91096db32f2022-01-05 09:20:30.710root 11241100x80000000000000006861418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4f6cf7f1592aa72022-01-05 09:20:30.710root 11241100x80000000000000006861419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7740daf1639aea42022-01-05 09:20:30.710root 11241100x80000000000000006861420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc738e657eccd99e2022-01-05 09:20:30.710root 11241100x80000000000000006861421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cc9324bb5625e42022-01-05 09:20:30.710root 11241100x80000000000000006861422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76ae98fe512cc1d2022-01-05 09:20:31.209root 11241100x80000000000000006861423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377934ccc14fa9502022-01-05 09:20:31.209root 11241100x80000000000000006861424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4775990bb4e60ac42022-01-05 09:20:31.209root 11241100x80000000000000006861425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b353227d7f81bde32022-01-05 09:20:31.210root 11241100x80000000000000006861426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebe9b5cb3f890022022-01-05 09:20:31.210root 11241100x80000000000000006861427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bcf908ffe664992022-01-05 09:20:31.210root 11241100x80000000000000006861428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77555ba0620956d12022-01-05 09:20:31.210root 11241100x80000000000000006861429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d555c96394561f32022-01-05 09:20:31.210root 11241100x80000000000000006861430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c543b71b14b85a022022-01-05 09:20:31.210root 11241100x80000000000000006861431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe522641d2e3a222022-01-05 09:20:31.210root 11241100x80000000000000006861432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4566c9a33a1e14172022-01-05 09:20:31.210root 11241100x80000000000000006861433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b509426a2340822022-01-05 09:20:31.709root 11241100x80000000000000006861434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81e168b4c42081b2022-01-05 09:20:31.709root 11241100x80000000000000006861435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fb38f94a1f58922022-01-05 09:20:31.710root 11241100x80000000000000006861436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e1bc8a72a151822022-01-05 09:20:31.710root 11241100x80000000000000006861437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1442bd102d4952c2022-01-05 09:20:31.710root 11241100x80000000000000006861438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4876390d767a4b2022-01-05 09:20:31.710root 11241100x80000000000000006861439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953c33bf12caf5012022-01-05 09:20:31.710root 11241100x80000000000000006861440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec0ed7598b0654d2022-01-05 09:20:31.710root 11241100x80000000000000006861441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84622ba5e49bc732022-01-05 09:20:31.710root 11241100x80000000000000006861442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18b3e1c63a842842022-01-05 09:20:31.710root 11241100x80000000000000006861443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1abd47920633a32022-01-05 09:20:31.710root 11241100x80000000000000006861444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e46c7ba2b2a19ad2022-01-05 09:20:32.209root 11241100x80000000000000006861445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b8e5b1fa9d51d52022-01-05 09:20:32.209root 11241100x80000000000000006861446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f33e7638abf86402022-01-05 09:20:32.209root 11241100x80000000000000006861447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363aadfa161d87db2022-01-05 09:20:32.210root 11241100x80000000000000006861448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d55ad89e74207b2022-01-05 09:20:32.210root 11241100x80000000000000006861449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebb31df1131f0f52022-01-05 09:20:32.210root 11241100x80000000000000006861450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a6abf32d29c80e2022-01-05 09:20:32.210root 11241100x80000000000000006861451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d80d514928a12e42022-01-05 09:20:32.210root 11241100x80000000000000006861452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1e929582d24fcb2022-01-05 09:20:32.210root 11241100x80000000000000006861453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b533d031c7191612022-01-05 09:20:32.210root 11241100x80000000000000006861454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cea84514d658a42022-01-05 09:20:32.210root 23542300x80000000000000006861455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.402{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006861456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a55e667cfae25982022-01-05 09:20:32.709root 11241100x80000000000000006861457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01dc8c467a55f192022-01-05 09:20:32.709root 11241100x80000000000000006861458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7751c17e1ee7432022-01-05 09:20:32.709root 11241100x80000000000000006861459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df45ef9d2d010ad2022-01-05 09:20:32.710root 11241100x80000000000000006861460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86e398a082d45fa2022-01-05 09:20:32.710root 11241100x80000000000000006861461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927f0c45b4d656912022-01-05 09:20:32.710root 11241100x80000000000000006861462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc895c975240d0dd2022-01-05 09:20:32.710root 11241100x80000000000000006861463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7b107a99174c512022-01-05 09:20:32.710root 11241100x80000000000000006861464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73d67e17a4da1862022-01-05 09:20:32.710root 11241100x80000000000000006861465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756a267e176a44822022-01-05 09:20:32.710root 11241100x80000000000000006861466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45764c7dfcf397102022-01-05 09:20:32.710root 11241100x80000000000000006861467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cdcde0a4889c202022-01-05 09:20:32.710root 11241100x80000000000000006861468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4404d5c5c0c55f262022-01-05 09:20:33.209root 11241100x80000000000000006861469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a7431c7da5bd602022-01-05 09:20:33.209root 11241100x80000000000000006861470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165376b5d50f1d4c2022-01-05 09:20:33.209root 11241100x80000000000000006861471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac4cfe8efe8900b2022-01-05 09:20:33.209root 11241100x80000000000000006861472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903bda79f6843bec2022-01-05 09:20:33.209root 11241100x80000000000000006861473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ae378583fb614b2022-01-05 09:20:33.210root 11241100x80000000000000006861474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ced59c18aaf0d92022-01-05 09:20:33.210root 11241100x80000000000000006861475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d11abb3ebd9877b2022-01-05 09:20:33.210root 11241100x80000000000000006861476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f799b9615e25c32022-01-05 09:20:33.210root 11241100x80000000000000006861477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580a28dbb40acfc42022-01-05 09:20:33.210root 11241100x80000000000000006861478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d59cd69f17ac842022-01-05 09:20:33.211root 11241100x80000000000000006861479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea96a603ff7ad1992022-01-05 09:20:33.211root 354300x80000000000000006861480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.441{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-41180-false10.0.1.12-8089- 11241100x80000000000000006861481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18e406f389c08492022-01-05 09:20:33.709root 11241100x80000000000000006861482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd084161bb0270842022-01-05 09:20:33.709root 11241100x80000000000000006861483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdb546d278f3cf72022-01-05 09:20:33.709root 11241100x80000000000000006861484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae8180b14c74ef22022-01-05 09:20:33.710root 11241100x80000000000000006861485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09ceeacbab9f2672022-01-05 09:20:33.710root 11241100x80000000000000006861486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e52064af6b863f2022-01-05 09:20:33.710root 11241100x80000000000000006861487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c206ce2cf11126c2022-01-05 09:20:33.710root 11241100x80000000000000006861488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f777087d781bac622022-01-05 09:20:33.711root 11241100x80000000000000006861489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb95ff2ba33df3de2022-01-05 09:20:33.711root 11241100x80000000000000006861490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37cc1b0dfd7cc142022-01-05 09:20:33.711root 11241100x80000000000000006861491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1112e683b47dec2022-01-05 09:20:33.712root 11241100x80000000000000006861492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ceaf3fdc05aec212022-01-05 09:20:33.712root 11241100x80000000000000006861493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a19e645cc05a4d2022-01-05 09:20:33.712root 11241100x80000000000000006861494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ae9b890bfc3e052022-01-05 09:20:34.209root 11241100x80000000000000006861495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1024d69c3b79262022-01-05 09:20:34.209root 11241100x80000000000000006861496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc6af56ef8081aa2022-01-05 09:20:34.210root 11241100x80000000000000006861497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3c334fb2d2c3de2022-01-05 09:20:34.210root 11241100x80000000000000006861498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b435b7b30c9d26d02022-01-05 09:20:34.210root 11241100x80000000000000006861499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1b30afabb34bd32022-01-05 09:20:34.210root 11241100x80000000000000006861500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13e1e59e2607bda2022-01-05 09:20:34.210root 11241100x80000000000000006861501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7304a62de423cfb42022-01-05 09:20:34.210root 11241100x80000000000000006861502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68cf424b25211f72022-01-05 09:20:34.210root 11241100x80000000000000006861503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2756653b9b86e4c2022-01-05 09:20:34.210root 11241100x80000000000000006861504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f78ff6ab0f5a9ac2022-01-05 09:20:34.210root 11241100x80000000000000006861505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068300ca0b74023f2022-01-05 09:20:34.210root 11241100x80000000000000006861506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7487055049e61e772022-01-05 09:20:34.210root 11241100x80000000000000006861507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d8359ddaf1f4612022-01-05 09:20:34.709root 11241100x80000000000000006861508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff261eedef9dab512022-01-05 09:20:34.710root 11241100x80000000000000006861509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d11eadc5d697b12022-01-05 09:20:34.710root 11241100x80000000000000006861510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5403da956fa39f82022-01-05 09:20:34.710root 11241100x80000000000000006861511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32011233111ee3082022-01-05 09:20:34.710root 11241100x80000000000000006861512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87235cf0fcae09972022-01-05 09:20:34.710root 11241100x80000000000000006861513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7604fd79c15dbb2022-01-05 09:20:34.710root 11241100x80000000000000006861514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b270913282e6c1022022-01-05 09:20:34.710root 11241100x80000000000000006861515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff90e8bfd44a49762022-01-05 09:20:34.710root 11241100x80000000000000006861516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39092e10ef73e25f2022-01-05 09:20:34.710root 11241100x80000000000000006861517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf16c1e7b84dbf82022-01-05 09:20:34.710root 11241100x80000000000000006861518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5069b4cced2fed692022-01-05 09:20:34.710root 11241100x80000000000000006861519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c93f37bcc85f182022-01-05 09:20:34.710root 354300x80000000000000006861520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.068{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40702-false10.0.1.12-8000- 11241100x80000000000000006861521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.068{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8649713b710e642022-01-05 09:20:35.068root 11241100x80000000000000006861522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.068{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1f1bfd24ad359b2022-01-05 09:20:35.068root 11241100x80000000000000006861523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f55d4c5c143a212022-01-05 09:20:35.069root 11241100x80000000000000006861524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3859b8fedd80472022-01-05 09:20:35.069root 11241100x80000000000000006861525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2189c22318e457902022-01-05 09:20:35.069root 11241100x80000000000000006861526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29551e8f5d7c157a2022-01-05 09:20:35.069root 11241100x80000000000000006861527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7099df0b91674c402022-01-05 09:20:35.069root 11241100x80000000000000006861528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac0e9363c4475fd2022-01-05 09:20:35.069root 11241100x80000000000000006861529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239bddbf270dc2322022-01-05 09:20:35.069root 11241100x80000000000000006861530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.070{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435324ef123adaf92022-01-05 09:20:35.070root 11241100x80000000000000006861531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.070{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c85514d45485002022-01-05 09:20:35.070root 11241100x80000000000000006861532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.070{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82d91c8b41c6ed82022-01-05 09:20:35.070root 11241100x80000000000000006861533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.070{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02ba7b3012a15042022-01-05 09:20:35.070root 11241100x80000000000000006861534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.070{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2781c9c9e6c5ee8b2022-01-05 09:20:35.070root 11241100x80000000000000006861535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.070{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb6aa64db892b052022-01-05 09:20:35.070root 11241100x80000000000000006861536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bb7571a79df1272022-01-05 09:20:35.459root 11241100x80000000000000006861537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6a096bfcb7a7d52022-01-05 09:20:35.459root 11241100x80000000000000006861538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389cef437b09d18b2022-01-05 09:20:35.460root 11241100x80000000000000006861539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663b7887d9eb03d52022-01-05 09:20:35.460root 11241100x80000000000000006861540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88324719689fd28f2022-01-05 09:20:35.460root 11241100x80000000000000006861541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cfb73cfe208d9b2022-01-05 09:20:35.460root 11241100x80000000000000006861542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a48d16c7400a7962022-01-05 09:20:35.460root 11241100x80000000000000006861543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a734701b1184a02022-01-05 09:20:35.460root 11241100x80000000000000006861544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6097ae45c9b36d12022-01-05 09:20:35.460root 11241100x80000000000000006861545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e9138f169b82562022-01-05 09:20:35.460root 11241100x80000000000000006861546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bfec52d4cfc4aa2022-01-05 09:20:35.460root 11241100x80000000000000006861547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a5b2ba397cafa12022-01-05 09:20:35.460root 11241100x80000000000000006861548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d711be5ee6d3c9a2022-01-05 09:20:35.461root 11241100x80000000000000006861549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6951637d98c4c6f2022-01-05 09:20:35.461root 11241100x80000000000000006861550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237b784195ba91da2022-01-05 09:20:35.959root 11241100x80000000000000006861551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398b5d10204fc1232022-01-05 09:20:35.960root 11241100x80000000000000006861552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1155120772daa22022-01-05 09:20:35.960root 11241100x80000000000000006861553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ab8f68d3b14a892022-01-05 09:20:35.960root 11241100x80000000000000006861554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb48aeb1e0d35582022-01-05 09:20:35.960root 11241100x80000000000000006861555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc54c4455b5825b2022-01-05 09:20:35.960root 11241100x80000000000000006861556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec5db119063f59f2022-01-05 09:20:35.960root 11241100x80000000000000006861557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4138a8bfc302bb142022-01-05 09:20:35.960root 11241100x80000000000000006861558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672402ca33a5d8812022-01-05 09:20:35.960root 11241100x80000000000000006861559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a574a19ec75d9b22022-01-05 09:20:35.960root 11241100x80000000000000006861560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4f487f4987c99a2022-01-05 09:20:35.960root 11241100x80000000000000006861561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387925e424c534b72022-01-05 09:20:35.960root 11241100x80000000000000006861562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999e7f2c6a397f172022-01-05 09:20:35.961root 11241100x80000000000000006861563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b1c1fcdd03904b2022-01-05 09:20:35.961root 11241100x80000000000000006861564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae7f8522c95aff32022-01-05 09:20:36.459root 11241100x80000000000000006861565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe5540d65f256d02022-01-05 09:20:36.459root 11241100x80000000000000006861566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5980ba885eb0ef2022-01-05 09:20:36.460root 11241100x80000000000000006861567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ee8b2ec7127c442022-01-05 09:20:36.460root 11241100x80000000000000006861568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3047b957ef714d2022-01-05 09:20:36.460root 11241100x80000000000000006861569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df8f8eb40126ce12022-01-05 09:20:36.460root 11241100x80000000000000006861570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f9eb33372fbe992022-01-05 09:20:36.461root 11241100x80000000000000006861571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b880148a98596002022-01-05 09:20:36.461root 11241100x80000000000000006861572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e188fcb0b4ed4da82022-01-05 09:20:36.461root 11241100x80000000000000006861573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966c9bcbc720e8882022-01-05 09:20:36.461root 11241100x80000000000000006861574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcb775ba1f0bf612022-01-05 09:20:36.461root 11241100x80000000000000006861575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef72611ce38e1462022-01-05 09:20:36.461root 11241100x80000000000000006861576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9bff845fa65e432022-01-05 09:20:36.461root 11241100x80000000000000006861577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4facbf2922d8dc2022-01-05 09:20:36.461root 11241100x80000000000000006861578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548714a07c44c4f02022-01-05 09:20:36.959root 11241100x80000000000000006861579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2dcf7c17d888882022-01-05 09:20:36.960root 11241100x80000000000000006861580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f9b3b05bc8fe382022-01-05 09:20:36.960root 11241100x80000000000000006861581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92699cc09f58a69e2022-01-05 09:20:36.960root 11241100x80000000000000006861582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afbe4f38f60f5f42022-01-05 09:20:36.960root 11241100x80000000000000006861583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cd649ab1b719a42022-01-05 09:20:36.960root 11241100x80000000000000006861584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56040ac6ceeefe12022-01-05 09:20:36.961root 11241100x80000000000000006861585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbf26011cb8c8e12022-01-05 09:20:36.961root 11241100x80000000000000006861586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cf7035fdfac4172022-01-05 09:20:36.961root 11241100x80000000000000006861587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe5bd824e371cbf2022-01-05 09:20:36.961root 11241100x80000000000000006861588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c8ca08f71ecba12022-01-05 09:20:36.961root 11241100x80000000000000006861589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b56f0a3e4305332022-01-05 09:20:36.961root 11241100x80000000000000006861590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be86fd73508a713c2022-01-05 09:20:36.961root 11241100x80000000000000006861591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693b2d26ef6cddaa2022-01-05 09:20:36.961root 11241100x80000000000000006861592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a1de8942f13a862022-01-05 09:20:37.459root 11241100x80000000000000006861593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd6aceabb1c412e2022-01-05 09:20:37.460root 11241100x80000000000000006861594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e0b0013f02d17b2022-01-05 09:20:37.460root 11241100x80000000000000006861595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e592afde895f772022-01-05 09:20:37.460root 11241100x80000000000000006861596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140e92e500d00cb02022-01-05 09:20:37.460root 11241100x80000000000000006861597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4c41db8161a9ea2022-01-05 09:20:37.460root 11241100x80000000000000006861598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d076ab70b3fe322022-01-05 09:20:37.460root 11241100x80000000000000006861599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0994835557f0da2022-01-05 09:20:37.460root 11241100x80000000000000006861600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccb25313d09e36c2022-01-05 09:20:37.460root 11241100x80000000000000006861601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bc455e0fc577472022-01-05 09:20:37.460root 11241100x80000000000000006861602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144359770a3348e62022-01-05 09:20:37.460root 11241100x80000000000000006861603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abbf8ce235ab3752022-01-05 09:20:37.461root 11241100x80000000000000006861604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ee515b11d511a92022-01-05 09:20:37.461root 11241100x80000000000000006861605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586c57ab25929ab22022-01-05 09:20:37.461root 11241100x80000000000000006861606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f5bd515d6c79392022-01-05 09:20:37.959root 11241100x80000000000000006861607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6c1c53cab41b3f2022-01-05 09:20:37.959root 11241100x80000000000000006861608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38966c11ab77bb1f2022-01-05 09:20:37.960root 11241100x80000000000000006861609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4725906cfd1848f2022-01-05 09:20:37.960root 11241100x80000000000000006861610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2ff089ddaf7f412022-01-05 09:20:37.960root 11241100x80000000000000006861611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61356345e4b4b792022-01-05 09:20:37.960root 11241100x80000000000000006861612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9a8c5ddd08122c2022-01-05 09:20:37.960root 11241100x80000000000000006861613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e71f7667bbb9ab2022-01-05 09:20:37.960root 11241100x80000000000000006861614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f882192750e7c30b2022-01-05 09:20:37.960root 11241100x80000000000000006861615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a149ecaf80a8302f2022-01-05 09:20:37.960root 11241100x80000000000000006861616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce9054d2514bb232022-01-05 09:20:37.960root 11241100x80000000000000006861617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716e7fa788a363c82022-01-05 09:20:37.960root 11241100x80000000000000006861618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72abdb32c92986002022-01-05 09:20:37.961root 11241100x80000000000000006861619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f1184410143df72022-01-05 09:20:37.961root 11241100x80000000000000006861620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cb64ea4066a3eb2022-01-05 09:20:38.459root 11241100x80000000000000006861621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1187c87f08eb23942022-01-05 09:20:38.460root 11241100x80000000000000006861622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80ec2856047b8972022-01-05 09:20:38.460root 11241100x80000000000000006861623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680b55428b7a3fbc2022-01-05 09:20:38.460root 11241100x80000000000000006861624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655f0b605f84b7902022-01-05 09:20:38.460root 11241100x80000000000000006861625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1911a13c4254f9c2022-01-05 09:20:38.460root 11241100x80000000000000006861626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ed241364d67b232022-01-05 09:20:38.461root 11241100x80000000000000006861627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e03f6bd444cb162022-01-05 09:20:38.461root 11241100x80000000000000006861628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d3b6d4e167348d2022-01-05 09:20:38.461root 11241100x80000000000000006861629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42c3538d40429352022-01-05 09:20:38.461root 11241100x80000000000000006861630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903dda083eb3b8a52022-01-05 09:20:38.461root 11241100x80000000000000006861631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6311bc42fed05ae62022-01-05 09:20:38.461root 11241100x80000000000000006861632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b912abf3eb5154942022-01-05 09:20:38.461root 11241100x80000000000000006861633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb614759c7e42b32022-01-05 09:20:38.462root 11241100x80000000000000006861634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d8880b60e2964d2022-01-05 09:20:38.959root 11241100x80000000000000006861635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f150df9f4953355a2022-01-05 09:20:38.959root 11241100x80000000000000006861636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46dc8e6a05c5b182022-01-05 09:20:38.960root 11241100x80000000000000006861637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1835fe22860449802022-01-05 09:20:38.960root 11241100x80000000000000006861638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f65fe09fad604342022-01-05 09:20:38.960root 11241100x80000000000000006861639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69261b86421539f72022-01-05 09:20:38.960root 11241100x80000000000000006861640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657fb9a3b14bde072022-01-05 09:20:38.960root 11241100x80000000000000006861641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c783fc1496cec662022-01-05 09:20:38.960root 11241100x80000000000000006861642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7ebb832028dc222022-01-05 09:20:38.960root 11241100x80000000000000006861643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0ed3f6400d911a2022-01-05 09:20:38.960root 11241100x80000000000000006861644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e8be58bdfc8a782022-01-05 09:20:38.961root 11241100x80000000000000006861645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776c68a5dd3faa522022-01-05 09:20:38.961root 11241100x80000000000000006861646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6616311896e1c33c2022-01-05 09:20:38.961root 11241100x80000000000000006861647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6323d4301e63362022-01-05 09:20:38.961root 11241100x80000000000000006861648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc23a713d9ea39842022-01-05 09:20:39.459root 11241100x80000000000000006861649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a57eb043cf0a3e2022-01-05 09:20:39.459root 11241100x80000000000000006861650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5988e8292ffed92022-01-05 09:20:39.459root 11241100x80000000000000006861651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c36b346ce22a012022-01-05 09:20:39.459root 11241100x80000000000000006861652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa0fe94b89b52342022-01-05 09:20:39.460root 11241100x80000000000000006861653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13937ec6618730522022-01-05 09:20:39.460root 11241100x80000000000000006861654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0f28ed0d5f446e2022-01-05 09:20:39.460root 11241100x80000000000000006861655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc28ee5a15d237e2022-01-05 09:20:39.460root 11241100x80000000000000006861656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a969886d235d52ef2022-01-05 09:20:39.460root 11241100x80000000000000006861657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09485236b8cd14552022-01-05 09:20:39.460root 11241100x80000000000000006861658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b28fb8df55ad1f2022-01-05 09:20:39.461root 11241100x80000000000000006861659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f04400a29adf972022-01-05 09:20:39.461root 11241100x80000000000000006861660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0717d5b4dc7836222022-01-05 09:20:39.461root 11241100x80000000000000006861661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f727617266028f92022-01-05 09:20:39.461root 11241100x80000000000000006861662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4ece848e83c6bf2022-01-05 09:20:39.959root 11241100x80000000000000006861663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d045ae1e2d45442022-01-05 09:20:39.959root 11241100x80000000000000006861664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7353f302cbb626662022-01-05 09:20:39.960root 11241100x80000000000000006861665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18bc9e7fc16316c2022-01-05 09:20:39.960root 11241100x80000000000000006861666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdeccc0412705ccc2022-01-05 09:20:39.960root 11241100x80000000000000006861667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b19caaddf7dd5d2022-01-05 09:20:39.960root 11241100x80000000000000006861668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df4bd8ff409078d2022-01-05 09:20:39.960root 11241100x80000000000000006861669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcb2b91b28c522c2022-01-05 09:20:39.960root 11241100x80000000000000006861670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3148f82faa1e71142022-01-05 09:20:39.960root 11241100x80000000000000006861671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fce58404069369a2022-01-05 09:20:39.960root 11241100x80000000000000006861672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839aeb3dd18ce1c52022-01-05 09:20:39.960root 11241100x80000000000000006861673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb31781d34744472022-01-05 09:20:39.960root 11241100x80000000000000006861674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356b9756f5282c152022-01-05 09:20:39.960root 11241100x80000000000000006861675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83eda2e6d4be9d82022-01-05 09:20:39.960root 354300x80000000000000006861676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.225{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40704-false10.0.1.12-8000- 11241100x80000000000000006861677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d21c78c0be6fe62022-01-05 09:20:40.225root 11241100x80000000000000006861678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d63cd94848c0a9f2022-01-05 09:20:40.225root 11241100x80000000000000006861679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c80113ca6b787e62022-01-05 09:20:40.226root 11241100x80000000000000006861680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16403a9968dd72d52022-01-05 09:20:40.226root 11241100x80000000000000006861681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9951d74894d621412022-01-05 09:20:40.226root 11241100x80000000000000006861682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c47ee305324474b2022-01-05 09:20:40.226root 11241100x80000000000000006861683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bdbdad403eaa072022-01-05 09:20:40.226root 11241100x80000000000000006861684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17906f0c799d9172022-01-05 09:20:40.226root 11241100x80000000000000006861685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5bc77bed2d9e8e2022-01-05 09:20:40.226root 11241100x80000000000000006861686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b13ae2c6aac33ad2022-01-05 09:20:40.226root 11241100x80000000000000006861687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893ccf7bc4fd994d2022-01-05 09:20:40.227root 11241100x80000000000000006861688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8857753f8dccc5a82022-01-05 09:20:40.227root 11241100x80000000000000006861689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcd7a57fc74a0e52022-01-05 09:20:40.227root 11241100x80000000000000006861690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af0237ba598c3d72022-01-05 09:20:40.227root 11241100x80000000000000006861691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cf3863f8609f942022-01-05 09:20:40.227root 11241100x80000000000000006861692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e07dc9b74383c22022-01-05 09:20:40.227root 11241100x80000000000000006861693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c6ca9067ffa4182022-01-05 09:20:40.227root 11241100x80000000000000006861694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73bf6f6ca0dde5e2022-01-05 09:20:40.709root 11241100x80000000000000006861695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f557cb66a454ea72022-01-05 09:20:40.710root 11241100x80000000000000006861696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6110162bd2b1c59a2022-01-05 09:20:40.710root 11241100x80000000000000006861697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e388dd35258d552022-01-05 09:20:40.711root 11241100x80000000000000006861698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8fef64a3b958f72022-01-05 09:20:40.711root 11241100x80000000000000006861699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d2066031fe99102022-01-05 09:20:40.712root 11241100x80000000000000006861700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dac540bc64a7d02022-01-05 09:20:40.712root 11241100x80000000000000006861701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee85f2656c3cd572022-01-05 09:20:40.712root 11241100x80000000000000006861702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4922bf7243bf09a2022-01-05 09:20:40.713root 11241100x80000000000000006861703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d72f153dc359b62022-01-05 09:20:40.713root 11241100x80000000000000006861704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0020f3bfd829ca1a2022-01-05 09:20:40.713root 11241100x80000000000000006861705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa5edd8c51ac6ac2022-01-05 09:20:40.715root 11241100x80000000000000006861706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d57f2feadc20702022-01-05 09:20:40.715root 11241100x80000000000000006861707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bb023bd8a6abbd2022-01-05 09:20:40.716root 11241100x80000000000000006861708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39ce6c8cb9efc092022-01-05 09:20:40.716root 11241100x80000000000000006861709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174693d06e36c07e2022-01-05 09:20:41.210root 11241100x80000000000000006861710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c8b238b1b8e8722022-01-05 09:20:41.210root 11241100x80000000000000006861711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f19b961f12ddb72022-01-05 09:20:41.210root 11241100x80000000000000006861712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c14714e7e4d53d2022-01-05 09:20:41.210root 11241100x80000000000000006861713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa79453969f230bd2022-01-05 09:20:41.211root 11241100x80000000000000006861714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa56aa2e769da1e2022-01-05 09:20:41.211root 11241100x80000000000000006861715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d945fb75ff927ef72022-01-05 09:20:41.211root 11241100x80000000000000006861716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae2e3ddb4496fc42022-01-05 09:20:41.211root 11241100x80000000000000006861717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73fb0d92cd9d75e2022-01-05 09:20:41.211root 11241100x80000000000000006861718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b3424ecf4e8e9d2022-01-05 09:20:41.212root 11241100x80000000000000006861719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885607bfc2f9349a2022-01-05 09:20:41.212root 11241100x80000000000000006861720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57dfa365f3074f9c2022-01-05 09:20:41.212root 11241100x80000000000000006861721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f0b59f371fa9ad2022-01-05 09:20:41.212root 11241100x80000000000000006861722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e343299d185657d82022-01-05 09:20:41.212root 11241100x80000000000000006861723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfab9b17d07fd5ee2022-01-05 09:20:41.212root 11241100x80000000000000006861724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8247b4694f6fed42022-01-05 09:20:41.710root 11241100x80000000000000006861725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2692fabfc2f891b62022-01-05 09:20:41.710root 11241100x80000000000000006861726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d368ad15a2083ae32022-01-05 09:20:41.710root 11241100x80000000000000006861727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3163a2538852a602022-01-05 09:20:41.710root 11241100x80000000000000006861728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f092105e4b3ee92022-01-05 09:20:41.710root 11241100x80000000000000006861729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8a15909a435e6a2022-01-05 09:20:41.710root 11241100x80000000000000006861730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2fa3d8cbc170152022-01-05 09:20:41.710root 11241100x80000000000000006861731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9787207b74883b4b2022-01-05 09:20:41.710root 11241100x80000000000000006861732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f2c8363e2bbf7b2022-01-05 09:20:41.710root 11241100x80000000000000006861733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72c49e6d073e21d2022-01-05 09:20:41.710root 11241100x80000000000000006861734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e845a78a26583f52022-01-05 09:20:41.710root 11241100x80000000000000006861735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d60066fc4e8cbd2022-01-05 09:20:41.710root 11241100x80000000000000006861736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4f6dfc25a52b8d2022-01-05 09:20:41.710root 11241100x80000000000000006861737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45277ae82669597c2022-01-05 09:20:41.710root 11241100x80000000000000006861738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8308d4cf347fe12022-01-05 09:20:41.711root 11241100x80000000000000006861739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893854a5ef23abfd2022-01-05 09:20:42.209root 11241100x80000000000000006861740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749d125f254549de2022-01-05 09:20:42.210root 11241100x80000000000000006861741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e6d1370d9b93b92022-01-05 09:20:42.210root 11241100x80000000000000006861742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b0aaf871d6aeab2022-01-05 09:20:42.210root 11241100x80000000000000006861743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404e2128bf0357b92022-01-05 09:20:42.210root 11241100x80000000000000006861744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf262c62691de6cd2022-01-05 09:20:42.211root 11241100x80000000000000006861745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78feaa98c48a6e12022-01-05 09:20:42.211root 11241100x80000000000000006861746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b83f5da0f0659e2022-01-05 09:20:42.211root 11241100x80000000000000006861747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad6b840cfc1f7df2022-01-05 09:20:42.211root 11241100x80000000000000006861748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3f2c629fad29672022-01-05 09:20:42.212root 11241100x80000000000000006861749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b510f741eb60d842022-01-05 09:20:42.212root 11241100x80000000000000006861750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2005675e22d46682022-01-05 09:20:42.212root 11241100x80000000000000006861751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a746daef14fff332022-01-05 09:20:42.212root 11241100x80000000000000006861752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a0fd902944d9f22022-01-05 09:20:42.212root 11241100x80000000000000006861753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecea644ec7c2c3d82022-01-05 09:20:42.213root 11241100x80000000000000006861754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eba9e26528606502022-01-05 09:20:42.709root 11241100x80000000000000006861755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f6cc0c62ebd64d2022-01-05 09:20:42.709root 11241100x80000000000000006861756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65b3ef5ac4ab4b42022-01-05 09:20:42.710root 11241100x80000000000000006861757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5f8d5b76b8f41b2022-01-05 09:20:42.710root 11241100x80000000000000006861758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca367d2ea9cb7732022-01-05 09:20:42.710root 11241100x80000000000000006861759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0986bd273b003e072022-01-05 09:20:42.710root 11241100x80000000000000006861760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334c8a438c895ac52022-01-05 09:20:42.710root 11241100x80000000000000006861761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40469290bca45eb82022-01-05 09:20:42.710root 11241100x80000000000000006861762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e441ddd29109ebbc2022-01-05 09:20:42.710root 11241100x80000000000000006861763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927e52e0878b3acb2022-01-05 09:20:42.710root 11241100x80000000000000006861764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5916ed525c3a9ef92022-01-05 09:20:42.710root 11241100x80000000000000006861765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84059b15b15f36e42022-01-05 09:20:42.710root 11241100x80000000000000006861766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93954425f97ab3222022-01-05 09:20:42.710root 11241100x80000000000000006861767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cd6bf2308b123d2022-01-05 09:20:42.710root 11241100x80000000000000006861768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1caab6447399447a2022-01-05 09:20:42.710root 11241100x80000000000000006861769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4655de809e7af10d2022-01-05 09:20:43.209root 11241100x80000000000000006861770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292fabb1a9178a832022-01-05 09:20:43.210root 11241100x80000000000000006861771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16f09dd780292ee2022-01-05 09:20:43.210root 11241100x80000000000000006861772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4728ea25d48b386f2022-01-05 09:20:43.210root 11241100x80000000000000006861773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385c94da6d09d9ed2022-01-05 09:20:43.210root 11241100x80000000000000006861774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f934ef9fed5f5f2022-01-05 09:20:43.211root 11241100x80000000000000006861775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf49f5bbea585bc2022-01-05 09:20:43.212root 11241100x80000000000000006861776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b337a8a484ed53052022-01-05 09:20:43.212root 11241100x80000000000000006861777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64591a4f2837928c2022-01-05 09:20:43.212root 11241100x80000000000000006861778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642a0a502d02da3e2022-01-05 09:20:43.212root 11241100x80000000000000006861779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f82ccea693d79c2022-01-05 09:20:43.212root 11241100x80000000000000006861780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b899ec3b8416a3252022-01-05 09:20:43.212root 11241100x80000000000000006861781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82764eff9f71a3b2022-01-05 09:20:43.213root 11241100x80000000000000006861782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f2ce9d40fe7b3d2022-01-05 09:20:43.213root 11241100x80000000000000006861783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11291a947e4b9c372022-01-05 09:20:43.213root 11241100x80000000000000006861784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17c5819b60d97b02022-01-05 09:20:43.710root 11241100x80000000000000006861785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d0ff46a19cb4202022-01-05 09:20:43.710root 11241100x80000000000000006861786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29ea07e241297b22022-01-05 09:20:43.710root 11241100x80000000000000006861787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe80d1dde5932cb2022-01-05 09:20:43.710root 11241100x80000000000000006861788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15dd9c5bcebdd3f2022-01-05 09:20:43.710root 11241100x80000000000000006861789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1697ee552294e14d2022-01-05 09:20:43.710root 11241100x80000000000000006861790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa07135b4ac209e52022-01-05 09:20:43.711root 11241100x80000000000000006861791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150e750b11779b962022-01-05 09:20:43.711root 11241100x80000000000000006861792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9eba572aee66f62022-01-05 09:20:43.711root 11241100x80000000000000006861793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9572f396de38ba2022-01-05 09:20:43.711root 11241100x80000000000000006861794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fb4fdfc3105f482022-01-05 09:20:43.711root 11241100x80000000000000006861795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9729c8b3861e5c892022-01-05 09:20:43.711root 11241100x80000000000000006861796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4f5140994a77052022-01-05 09:20:43.711root 11241100x80000000000000006861797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56005c3498a60f8a2022-01-05 09:20:43.711root 11241100x80000000000000006861798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3777a7863b30d92022-01-05 09:20:43.711root 11241100x80000000000000006861799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508ab2990638ed952022-01-05 09:20:44.210root 11241100x80000000000000006861800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f126f5c0e88a1dd2022-01-05 09:20:44.210root 11241100x80000000000000006861801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9d9d4df4d9b57e2022-01-05 09:20:44.210root 11241100x80000000000000006861802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cd4e2a1fc14d6f2022-01-05 09:20:44.210root 11241100x80000000000000006861803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a774c3eaef778cf72022-01-05 09:20:44.210root 11241100x80000000000000006861804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb345f96dbb5d062022-01-05 09:20:44.210root 11241100x80000000000000006861805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddc539420445d292022-01-05 09:20:44.210root 11241100x80000000000000006861806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226029adaa6b547f2022-01-05 09:20:44.210root 11241100x80000000000000006861807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb9259104e29cac2022-01-05 09:20:44.210root 11241100x80000000000000006861808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809df3b2adf369e12022-01-05 09:20:44.211root 11241100x80000000000000006861809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0964b1ed86e333e2022-01-05 09:20:44.211root 11241100x80000000000000006861810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0b908427d309262022-01-05 09:20:44.211root 11241100x80000000000000006861811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3668a1a4e641e2fc2022-01-05 09:20:44.211root 11241100x80000000000000006861812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2317ce68288343a52022-01-05 09:20:44.211root 11241100x80000000000000006861813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81caaab81e282632022-01-05 09:20:44.211root 11241100x80000000000000006861814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f82b40180a15012022-01-05 09:20:44.709root 11241100x80000000000000006861815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169c217a17771e032022-01-05 09:20:44.709root 11241100x80000000000000006861816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4d742718a47d2a2022-01-05 09:20:44.709root 11241100x80000000000000006861817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8871f0e366f7bfba2022-01-05 09:20:44.709root 11241100x80000000000000006861818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbed9eb5c38a5f22022-01-05 09:20:44.709root 11241100x80000000000000006861819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38d77d538778e062022-01-05 09:20:44.710root 11241100x80000000000000006861820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47a8b16b0b4c6002022-01-05 09:20:44.710root 11241100x80000000000000006861821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68d13cd22c4d5792022-01-05 09:20:44.710root 11241100x80000000000000006861822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f6afbfc582f4be2022-01-05 09:20:44.710root 11241100x80000000000000006861823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12aea7d5c999aa12022-01-05 09:20:44.710root 11241100x80000000000000006861824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc900aaf1aa0b55e2022-01-05 09:20:44.710root 11241100x80000000000000006861825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4388be398510387c2022-01-05 09:20:44.710root 11241100x80000000000000006861826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bbf877b47e0f3e2022-01-05 09:20:44.710root 11241100x80000000000000006861827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84258ae12257e5ec2022-01-05 09:20:44.710root 11241100x80000000000000006861828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606d1ec4d2efbe552022-01-05 09:20:44.710root 11241100x80000000000000006861829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62dfeaa99cc5dbd2022-01-05 09:20:45.209root 11241100x80000000000000006861830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d879a71dd953b52022-01-05 09:20:45.210root 11241100x80000000000000006861831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f51a66270fc73862022-01-05 09:20:45.210root 11241100x80000000000000006861832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6a7b067a5944542022-01-05 09:20:45.210root 11241100x80000000000000006861833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a219db30c49520f2022-01-05 09:20:45.210root 11241100x80000000000000006861834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf59a85b30c2ee042022-01-05 09:20:45.210root 11241100x80000000000000006861835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195429a21dc3d0d52022-01-05 09:20:45.210root 11241100x80000000000000006861836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263e630383a7f8412022-01-05 09:20:45.210root 11241100x80000000000000006861837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d6e5a45c708f822022-01-05 09:20:45.210root 11241100x80000000000000006861838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0a3d29b73e396e2022-01-05 09:20:45.210root 11241100x80000000000000006861839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3adf448710ada512022-01-05 09:20:45.210root 11241100x80000000000000006861840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ad22dbfa414c912022-01-05 09:20:45.210root 11241100x80000000000000006861841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1890f63872277322022-01-05 09:20:45.211root 11241100x80000000000000006861842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a1fa37c08683182022-01-05 09:20:45.211root 11241100x80000000000000006861843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3baea15cc04d402022-01-05 09:20:45.211root 11241100x80000000000000006861844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425dfe47334796d82022-01-05 09:20:45.709root 11241100x80000000000000006861845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ccd8029c59d6562022-01-05 09:20:45.709root 11241100x80000000000000006861846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdb9b387941ae5a2022-01-05 09:20:45.710root 11241100x80000000000000006861847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2223406cad57da2022-01-05 09:20:45.710root 11241100x80000000000000006861848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6495078f1ba07ba02022-01-05 09:20:45.710root 11241100x80000000000000006861849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68609fbd4dba8e02022-01-05 09:20:45.710root 11241100x80000000000000006861850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a4542c6638ed132022-01-05 09:20:45.710root 11241100x80000000000000006861851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c94b56e37bfe80e2022-01-05 09:20:45.710root 11241100x80000000000000006861852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ae74003913ef2e2022-01-05 09:20:45.710root 11241100x80000000000000006861853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058dcf43cd712d9e2022-01-05 09:20:45.710root 11241100x80000000000000006861854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41a23d1e457b0562022-01-05 09:20:45.710root 11241100x80000000000000006861855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98867f97fcb539672022-01-05 09:20:45.710root 11241100x80000000000000006861856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23367f7f04d541f12022-01-05 09:20:45.710root 11241100x80000000000000006861857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d56231d1b77fcc32022-01-05 09:20:45.710root 11241100x80000000000000006861858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66d908996f224d42022-01-05 09:20:45.710root 354300x80000000000000006861859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.155{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40706-false10.0.1.12-8000- 11241100x80000000000000006861860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330bb79541848b982022-01-05 09:20:46.156root 11241100x80000000000000006861861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da7bec944da33872022-01-05 09:20:46.156root 11241100x80000000000000006861862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca27517ddd1579b82022-01-05 09:20:46.156root 11241100x80000000000000006861863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addb386aa296ec6d2022-01-05 09:20:46.156root 11241100x80000000000000006861864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635ffafff9943f2b2022-01-05 09:20:46.156root 11241100x80000000000000006861865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4f0b0227509eff2022-01-05 09:20:46.157root 11241100x80000000000000006861866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0adac7aeffcaba2022-01-05 09:20:46.157root 11241100x80000000000000006861867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f273805c09ace112022-01-05 09:20:46.157root 11241100x80000000000000006861868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d55def37bd46662022-01-05 09:20:46.158root 11241100x80000000000000006861869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6021b647d572532022-01-05 09:20:46.158root 11241100x80000000000000006861870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df5aedb5a237fdd2022-01-05 09:20:46.158root 11241100x80000000000000006861871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.159{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5298cced122aeb182022-01-05 09:20:46.159root 11241100x80000000000000006861872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a8284def1852562022-01-05 09:20:46.160root 11241100x80000000000000006861873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0326718ce70e6b92022-01-05 09:20:46.160root 11241100x80000000000000006861874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.161{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47a61dcadee252c2022-01-05 09:20:46.161root 11241100x80000000000000006861875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6a3ee37747adb22022-01-05 09:20:46.162root 11241100x80000000000000006861876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126125801287e8a62022-01-05 09:20:46.162root 11241100x80000000000000006861877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977fe73b0c7559b12022-01-05 09:20:46.162root 11241100x80000000000000006861878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f281c8d1f900fe2022-01-05 09:20:46.162root 11241100x80000000000000006861879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.163{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a86c6e1f88a1ed2022-01-05 09:20:46.163root 11241100x80000000000000006861880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.163{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d584d12ad29bc22022-01-05 09:20:46.163root 11241100x80000000000000006861881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084455020a4fcf9e2022-01-05 09:20:46.459root 11241100x80000000000000006861882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3824f330cde32c2022-01-05 09:20:46.459root 11241100x80000000000000006861883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578a07d4930cd5a92022-01-05 09:20:46.459root 11241100x80000000000000006861884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1530cd5c4e93742b2022-01-05 09:20:46.459root 11241100x80000000000000006861885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724d5a0481ef71752022-01-05 09:20:46.459root 11241100x80000000000000006861886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887d79d53d4319832022-01-05 09:20:46.459root 11241100x80000000000000006861887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5563e9e75cf2182022-01-05 09:20:46.459root 11241100x80000000000000006861888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05856130eb72d742022-01-05 09:20:46.459root 11241100x80000000000000006861889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6b2a31faa718cf2022-01-05 09:20:46.459root 11241100x80000000000000006861890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a8b38e206fc6872022-01-05 09:20:46.460root 11241100x80000000000000006861891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35507de76852ad62022-01-05 09:20:46.460root 11241100x80000000000000006861892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aca97c9ef896dee2022-01-05 09:20:46.460root 11241100x80000000000000006861893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdf9a1a18a64c492022-01-05 09:20:46.460root 11241100x80000000000000006861894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ec87683842c4902022-01-05 09:20:46.460root 11241100x80000000000000006861895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cab40f6a9784fe92022-01-05 09:20:46.460root 11241100x80000000000000006861896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba27b279d8c9bc82022-01-05 09:20:46.460root 11241100x80000000000000006861897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a9eb455257ed8a2022-01-05 09:20:46.959root 11241100x80000000000000006861898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a3c6181c54144e2022-01-05 09:20:46.959root 11241100x80000000000000006861899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6548d21af04ea42022-01-05 09:20:46.960root 11241100x80000000000000006861900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0094471359377202022-01-05 09:20:46.960root 11241100x80000000000000006861901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ff3e8e4cdf0ab62022-01-05 09:20:46.960root 11241100x80000000000000006861902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9421628af0bddfcc2022-01-05 09:20:46.960root 11241100x80000000000000006861903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d50a8ea9a29e8bc2022-01-05 09:20:46.960root 11241100x80000000000000006861904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65138b5eaf8ae6142022-01-05 09:20:46.960root 11241100x80000000000000006861905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e878a96bf3dcfd2022-01-05 09:20:46.960root 11241100x80000000000000006861906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0692a8d4e8802ac82022-01-05 09:20:46.960root 11241100x80000000000000006861907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ef2c5159926cb42022-01-05 09:20:46.960root 11241100x80000000000000006861908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e0f9b694b81db52022-01-05 09:20:46.960root 11241100x80000000000000006861909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca68a8e851a08f72022-01-05 09:20:46.960root 11241100x80000000000000006861910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6db950b892b4fe2022-01-05 09:20:46.960root 11241100x80000000000000006861911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541d6da05db626c42022-01-05 09:20:46.960root 11241100x80000000000000006861912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110fc50504e1f4752022-01-05 09:20:46.960root 154100x80000000000000006861913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.205{ec2e79f3-62ef-61d5-08be-f31fd7550000}22924/usr/bin/sudo-----sudo touch /etc/doas.conf/home/ubuntu/doasubuntu{ec2e79f3-5fe4-61d5-e803-000000000000}100058no level-{ec2e79f3-5fe4-61d5-08b4-fae256550000}17361/bin/bash-bashubuntu 354300x80000000000000006861914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.210{ec2e79f3-62ef-61d5-08be-f31fd7550000}22924/usr/bin/sudoubuntuudptruefalse127.0.0.1-49569-false127.0.0.53-53- 354300x80000000000000006861915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.210{ec2e79f3-af56-61d2-c087-a6df37560000}2473/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-34064-false10.0.0.2-53- 354300x80000000000000006861916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.210{ec2e79f3-af56-61d2-c087-a6df37560000}2473/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-54696-false10.0.0.2-53- 11241100x80000000000000006861917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f903d4a4ae66b7122022-01-05 09:20:47.211root 354300x80000000000000006861918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.212{ec2e79f3-af56-61d2-c087-a6df37560000}2473/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-49569- 354300x80000000000000006861919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.212{ec2e79f3-62ef-61d5-08be-f31fd7550000}22924/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-49569- 11241100x80000000000000006861920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8facb300df4db42b2022-01-05 09:20:47.213root 11241100x80000000000000006861921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11656c25fd833c662022-01-05 09:20:47.213root 11241100x80000000000000006861922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45716a720564b482022-01-05 09:20:47.213root 11241100x80000000000000006861923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50c6f2b7d1962702022-01-05 09:20:47.213root 11241100x80000000000000006861924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff791f68a0ff267c2022-01-05 09:20:47.213root 11241100x80000000000000006861925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a83f7f676ba33622022-01-05 09:20:47.213root 11241100x80000000000000006861926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5bfda6586be15c2022-01-05 09:20:47.214root 11241100x80000000000000006861927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae207669d86cbbbe2022-01-05 09:20:47.214root 11241100x80000000000000006861928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45e03c7ea3e3ba82022-01-05 09:20:47.214root 11241100x80000000000000006861929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8157c473eaa06e002022-01-05 09:20:47.214root 11241100x80000000000000006861930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db809548c2fb25b62022-01-05 09:20:47.214root 11241100x80000000000000006861931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d3d10a5fef80c22022-01-05 09:20:47.214root 11241100x80000000000000006861932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c78b1ab157fd882022-01-05 09:20:47.214root 11241100x80000000000000006861933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a629d9a75edc27d42022-01-05 09:20:47.214root 11241100x80000000000000006861934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad38b1ecee1aafb2022-01-05 09:20:47.214root 11241100x80000000000000006861935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf93e334c4f0d432022-01-05 09:20:47.214root 11241100x80000000000000006861936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71506a65823a04502022-01-05 09:20:47.215root 11241100x80000000000000006861937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df275eae8eb93012022-01-05 09:20:47.215root 11241100x80000000000000006861938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a6de226d0f2b302022-01-05 09:20:47.215root 11241100x80000000000000006861939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4dd36dfb2687db2022-01-05 09:20:47.215root 354300x80000000000000006861940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.221{ec2e79f3-62ef-61d5-08be-f31fd7550000}22924/usr/bin/sudoubuntuudptruefalse127.0.0.1-50284-false127.0.0.53-53- 354300x80000000000000006861941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.222{ec2e79f3-af56-61d2-c087-a6df37560000}2473/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-50284- 154100x80000000000000006861942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.226{ec2e79f3-62ef-61d5-10f0-d90192550000}22925/bin/touch-----touch /etc/doas.conf/home/ubuntu/doasroot{ec2e79f3-0000-0000-0000-000000000000}058no level-{ec2e79f3-62ef-61d5-08be-f31fd7550000}22924/usr/bin/sudosudoubuntu 11241100x80000000000000006861943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.227{ec2e79f3-62ef-61d5-10f0-d90192550000}22925/bin/touch/etc/doas.conf2022-01-05 09:20:47.227root 534500x80000000000000006861944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.227{ec2e79f3-62ef-61d5-10f0-d90192550000}22925/bin/touchroot 534500x80000000000000006861945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.227{ec2e79f3-62ef-61d5-08be-f31fd7550000}22924/usr/bin/sudoroot 11241100x80000000000000006861946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed745c2f8b724a92022-01-05 09:20:47.709root 11241100x80000000000000006861947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ad5c5d653ebc822022-01-05 09:20:47.709root 11241100x80000000000000006861948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79205f22fd500bd2022-01-05 09:20:47.709root 11241100x80000000000000006861949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b0da2a92a547ad2022-01-05 09:20:47.710root 11241100x80000000000000006861950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb27be5cdc5a2052022-01-05 09:20:47.710root 11241100x80000000000000006861951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6c8bb162324b872022-01-05 09:20:47.710root 11241100x80000000000000006861952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9080a19764a527992022-01-05 09:20:47.710root 11241100x80000000000000006861953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc6feb2c45da6ef2022-01-05 09:20:47.710root 11241100x80000000000000006861954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0570e1ba2248882022-01-05 09:20:47.710root 11241100x80000000000000006861955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e326104e76df4ade2022-01-05 09:20:47.710root 11241100x80000000000000006861956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c93a36b1c0f449d2022-01-05 09:20:47.710root 11241100x80000000000000006861957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5447ab149d43f74d2022-01-05 09:20:47.710root 11241100x80000000000000006861958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595098fce308eaaa2022-01-05 09:20:47.710root 11241100x80000000000000006861959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b79ea5a60fc78d12022-01-05 09:20:47.710root 11241100x80000000000000006861960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c014b263fceebc8f2022-01-05 09:20:47.710root 11241100x80000000000000006861961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bae84913d803f2b2022-01-05 09:20:47.710root 11241100x80000000000000006861962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4477bd9ad9334b842022-01-05 09:20:47.710root 11241100x80000000000000006861963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225e80f769d841502022-01-05 09:20:47.710root 11241100x80000000000000006861964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0311897caff10422022-01-05 09:20:47.711root 11241100x80000000000000006861965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88374286828639ba2022-01-05 09:20:47.711root 11241100x80000000000000006861966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cab9680a0d19442022-01-05 09:20:47.711root 11241100x80000000000000006861967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c41e7aa3236df62022-01-05 09:20:47.711root 11241100x80000000000000006861968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3713422955be3482022-01-05 09:20:47.711root 11241100x80000000000000006861969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afef82e37aeb8aef2022-01-05 09:20:47.711root 11241100x80000000000000006861970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b4e0e5a0e0e75d2022-01-05 09:20:47.711root 11241100x80000000000000006861971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44922b325fd9a59c2022-01-05 09:20:47.711root 11241100x80000000000000006861972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1dbcd8aaf7eb3432022-01-05 09:20:47.711root 11241100x80000000000000006861973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81183054a2ad4df42022-01-05 09:20:47.711root 11241100x80000000000000006861974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13793c0612b2f88f2022-01-05 09:20:47.712root 11241100x80000000000000006861975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736e3290366397bd2022-01-05 09:20:47.712root 11241100x80000000000000006861976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61ba924d00499e02022-01-05 09:20:47.712root 11241100x80000000000000006861977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b5907d8309554c2022-01-05 09:20:47.712root 11241100x80000000000000006861978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c9680881f47dbd2022-01-05 09:20:47.712root 11241100x80000000000000006861979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02025874948ee08c2022-01-05 09:20:47.712root 11241100x80000000000000006861980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36913aca265222cd2022-01-05 09:20:47.713root 11241100x80000000000000006861981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6250bbe7cb712b152022-01-05 09:20:47.713root 11241100x80000000000000006861982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7b797acdfb31fa2022-01-05 09:20:47.713root 11241100x80000000000000006861983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4029e6f70a0d71dd2022-01-05 09:20:47.713root 11241100x80000000000000006861984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6802ce76e694ed42022-01-05 09:20:47.713root 11241100x80000000000000006861985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a716d83f00f5e4f2022-01-05 09:20:47.713root 11241100x80000000000000006861986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71c54b3b5591aee2022-01-05 09:20:47.714root 11241100x80000000000000006861987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f608c62ffb37c72022-01-05 09:20:47.714root 11241100x80000000000000006861988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c0b673fc4f1f7a2022-01-05 09:20:47.714root 11241100x80000000000000006861989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4af640788e5b1482022-01-05 09:20:47.714root 11241100x80000000000000006861990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d87b9fb7222ec92022-01-05 09:20:47.714root 11241100x80000000000000006861991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69952905176a33d2022-01-05 09:20:47.714root 11241100x80000000000000006861992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ca807600fc558c2022-01-05 09:20:47.715root 11241100x80000000000000006861993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b759ab42f4b011b02022-01-05 09:20:47.715root 11241100x80000000000000006861994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e87f28b239ef002022-01-05 09:20:47.715root 11241100x80000000000000006861995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aed8ff8b1333e222022-01-05 09:20:47.715root 11241100x80000000000000006861996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b3880d9ac2739a2022-01-05 09:20:47.715root 11241100x80000000000000006861997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252395a14ebfa8752022-01-05 09:20:47.716root 11241100x80000000000000006861998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bb96668a28474d2022-01-05 09:20:47.716root 11241100x80000000000000006861999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1498b78600c628bc2022-01-05 09:20:47.716root 11241100x80000000000000006862000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afc368f5cb2559d2022-01-05 09:20:47.716root 11241100x80000000000000006862001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b6be9531fc12732022-01-05 09:20:47.716root 11241100x80000000000000006862002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3234eb8de97cc8ce2022-01-05 09:20:47.717root 11241100x80000000000000006862003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268de6f268f16cdd2022-01-05 09:20:47.717root 11241100x80000000000000006862004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22efaa4e64e7b95f2022-01-05 09:20:47.717root 11241100x80000000000000006862005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefe22790f3afd052022-01-05 09:20:47.717root 11241100x80000000000000006862006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c922fb15a8708da02022-01-05 09:20:48.209root 11241100x80000000000000006862007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5ae12a072cfbe92022-01-05 09:20:48.209root 11241100x80000000000000006862008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0237261d056827312022-01-05 09:20:48.210root 11241100x80000000000000006862009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf1fcd70d4226e92022-01-05 09:20:48.210root 11241100x80000000000000006862010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52946707e22d89d02022-01-05 09:20:48.210root 11241100x80000000000000006862011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ceadca3e93a3102022-01-05 09:20:48.210root 11241100x80000000000000006862012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b50d7136df8466a2022-01-05 09:20:48.210root 11241100x80000000000000006862013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d484af66528aeeea2022-01-05 09:20:48.211root 11241100x80000000000000006862014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30d449ce9f63e3b2022-01-05 09:20:48.211root 11241100x80000000000000006862015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42659a8f29bf9ae2022-01-05 09:20:48.211root 11241100x80000000000000006862016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952f451d921d14be2022-01-05 09:20:48.212root 11241100x80000000000000006862017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8404fb2481a7d4e22022-01-05 09:20:48.212root 11241100x80000000000000006862018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d4e4e944fa09702022-01-05 09:20:48.212root 11241100x80000000000000006862019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e236feba7b5c977e2022-01-05 09:20:48.212root 11241100x80000000000000006862020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad81de3a3a9315e12022-01-05 09:20:48.213root 11241100x80000000000000006862021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d704eb0ba2e7ee822022-01-05 09:20:48.213root 11241100x80000000000000006862022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525df7249fefb4182022-01-05 09:20:48.213root 11241100x80000000000000006862023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0547bb8ba975762a2022-01-05 09:20:48.214root 11241100x80000000000000006862024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c67ffca9f19072b2022-01-05 09:20:48.214root 11241100x80000000000000006862025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf8b97b530325cf2022-01-05 09:20:48.214root 11241100x80000000000000006862026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2d4fa078845a082022-01-05 09:20:48.214root 11241100x80000000000000006862027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fe0b1d8ab72b472022-01-05 09:20:48.215root 11241100x80000000000000006862028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f05f6fa5d5560802022-01-05 09:20:48.215root 11241100x80000000000000006862029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d75caae613242702022-01-05 09:20:48.215root 11241100x80000000000000006862030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd72c87902b02d22022-01-05 09:20:48.216root 11241100x80000000000000006862031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1a95c35979f7972022-01-05 09:20:48.216root 11241100x80000000000000006862032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abe4effddd57b872022-01-05 09:20:48.216root 11241100x80000000000000006862033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4de175db3dbf9052022-01-05 09:20:48.216root 11241100x80000000000000006862034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c68722c9528b612022-01-05 09:20:48.217root 11241100x80000000000000006862035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27eea71435f48092022-01-05 09:20:48.217root 11241100x80000000000000006862036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daaf2bdb7e6bfa972022-01-05 09:20:48.217root 11241100x80000000000000006862037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5346f51dfeb048922022-01-05 09:20:48.217root 11241100x80000000000000006862038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7742d74f438fc3912022-01-05 09:20:48.218root 11241100x80000000000000006862039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b231eb93b018772022-01-05 09:20:48.709root 11241100x80000000000000006862040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b2356de9ddfc332022-01-05 09:20:48.709root 11241100x80000000000000006862041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2959066edceed42022-01-05 09:20:48.710root 11241100x80000000000000006862042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e53b8e9244ee552022-01-05 09:20:48.710root 11241100x80000000000000006862043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94eb9d1bfb398f602022-01-05 09:20:48.710root 11241100x80000000000000006862044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f7c1c437743f112022-01-05 09:20:48.710root 11241100x80000000000000006862045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971438afcc5e17e02022-01-05 09:20:48.710root 11241100x80000000000000006862046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17985cb156f2a002022-01-05 09:20:48.711root 11241100x80000000000000006862047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b303d399ecea11232022-01-05 09:20:48.711root 11241100x80000000000000006862048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9071e303b0054e762022-01-05 09:20:48.711root 11241100x80000000000000006862049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fd55510e7e9b642022-01-05 09:20:48.711root 11241100x80000000000000006862050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c956cbd41952ef2022-01-05 09:20:48.711root 11241100x80000000000000006862051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea68e6caf6cb3732022-01-05 09:20:48.711root 11241100x80000000000000006862052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb594013450bc242022-01-05 09:20:48.711root 11241100x80000000000000006862053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f352b077ac8924e2022-01-05 09:20:48.712root 11241100x80000000000000006862054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763d70a69843348d2022-01-05 09:20:48.712root 11241100x80000000000000006862055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230060ee779149402022-01-05 09:20:48.712root 11241100x80000000000000006862056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177d65065f7e95f92022-01-05 09:20:48.712root 11241100x80000000000000006862057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151dd5475b0ba8dc2022-01-05 09:20:48.712root 11241100x80000000000000006862058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da590237e20637ce2022-01-05 09:20:48.712root 11241100x80000000000000006862059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cad3f1b566df98c2022-01-05 09:20:48.713root 11241100x80000000000000006862060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46c2f997defe9752022-01-05 09:20:48.713root 11241100x80000000000000006862061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09d25208ae383862022-01-05 09:20:48.713root 11241100x80000000000000006862062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feeb2a0cbfda0bab2022-01-05 09:20:48.713root 11241100x80000000000000006862063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a8f9adda9caffd2022-01-05 09:20:48.713root 11241100x80000000000000006862064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8482973ed8051ef92022-01-05 09:20:48.713root 11241100x80000000000000006862065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4632f8296fccf3772022-01-05 09:20:48.713root 11241100x80000000000000006862066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c6037c2ec588de2022-01-05 09:20:48.714root 11241100x80000000000000006862067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926ea3abf11dcbb82022-01-05 09:20:48.714root 11241100x80000000000000006862068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83945bf41cefc9682022-01-05 09:20:48.714root 11241100x80000000000000006862069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71af037285b963022022-01-05 09:20:48.714root 11241100x80000000000000006862070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553a12649526cc972022-01-05 09:20:48.714root 11241100x80000000000000006862071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88515bf19b75d2902022-01-05 09:20:49.209root 11241100x80000000000000006862072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f23f8e05f22b4a72022-01-05 09:20:49.210root 11241100x80000000000000006862073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c094c645c872cdd92022-01-05 09:20:49.210root 11241100x80000000000000006862074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7aac4e868fbbe602022-01-05 09:20:49.210root 11241100x80000000000000006862075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b268ca64003334232022-01-05 09:20:49.210root 11241100x80000000000000006862076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf722dde833f53722022-01-05 09:20:49.210root 11241100x80000000000000006862077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc56896ee7f04792022-01-05 09:20:49.210root 11241100x80000000000000006862078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ef088a16b440d42022-01-05 09:20:49.210root 11241100x80000000000000006862079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c4f488cbbb364c2022-01-05 09:20:49.210root 11241100x80000000000000006862080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445541c303f9b1c72022-01-05 09:20:49.211root 11241100x80000000000000006862081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576ae32032df72fd2022-01-05 09:20:49.211root 11241100x80000000000000006862082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de77825b30341c662022-01-05 09:20:49.211root 11241100x80000000000000006862083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfcf0b23375b7bd2022-01-05 09:20:49.211root 11241100x80000000000000006862084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f737268ea6022a82022-01-05 09:20:49.211root 11241100x80000000000000006862085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a17e93a8bee3a4e2022-01-05 09:20:49.211root 11241100x80000000000000006862086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9eab082024e7682022-01-05 09:20:49.211root 11241100x80000000000000006862087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9778274bab3054472022-01-05 09:20:49.211root 11241100x80000000000000006862088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b27ddcb3b9222c2022-01-05 09:20:49.211root 11241100x80000000000000006862089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6721fe69e95ca8f42022-01-05 09:20:49.211root 11241100x80000000000000006862090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dc8597e25b54442022-01-05 09:20:49.211root 11241100x80000000000000006862091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94047d3c442673f52022-01-05 09:20:49.211root 11241100x80000000000000006862092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62414d5a5541435d2022-01-05 09:20:49.212root 11241100x80000000000000006862093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05325e1de69e87572022-01-05 09:20:49.212root 11241100x80000000000000006862094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b006d25e8a5611892022-01-05 09:20:49.212root 11241100x80000000000000006862095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73523a48ffa4f77c2022-01-05 09:20:49.212root 11241100x80000000000000006862096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a859affea8a0cc2022-01-05 09:20:49.212root 11241100x80000000000000006862097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c309a1dbdbe3322022-01-05 09:20:49.212root 11241100x80000000000000006862098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db921babffad4032022-01-05 09:20:49.213root 11241100x80000000000000006862099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26c1b0f0e410e952022-01-05 09:20:49.213root 11241100x80000000000000006862100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f355a90e55ad2fd2022-01-05 09:20:49.709root 11241100x80000000000000006862101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8ee7c3a4ca1b5e2022-01-05 09:20:49.709root 11241100x80000000000000006862102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642a95eb2b4290e22022-01-05 09:20:49.709root 11241100x80000000000000006862103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a835c15b7ebf4fd92022-01-05 09:20:49.709root 11241100x80000000000000006862104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788e0fa8a179333b2022-01-05 09:20:49.709root 11241100x80000000000000006862105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92fc8657bdd70522022-01-05 09:20:49.709root 11241100x80000000000000006862106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693b58a947c1f1812022-01-05 09:20:49.709root 11241100x80000000000000006862107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6add1bc59b0e0f2022-01-05 09:20:49.709root 11241100x80000000000000006862108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439888b60cad083a2022-01-05 09:20:49.710root 11241100x80000000000000006862109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c8506402691a212022-01-05 09:20:49.710root 11241100x80000000000000006862110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44e9e2e83c961ab2022-01-05 09:20:49.710root 11241100x80000000000000006862111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c93164688ca2a12022-01-05 09:20:49.710root 11241100x80000000000000006862112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc639e66daf127d92022-01-05 09:20:49.711root 11241100x80000000000000006862113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00459f5e55edd28b2022-01-05 09:20:49.711root 11241100x80000000000000006862114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62e83dae583b2e22022-01-05 09:20:49.711root 11241100x80000000000000006862115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abac0d8232ea77272022-01-05 09:20:49.711root 11241100x80000000000000006862116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f20c3e1cf38e032022-01-05 09:20:49.711root 11241100x80000000000000006862117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fd91bf7438562a2022-01-05 09:20:49.711root 11241100x80000000000000006862118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d660255bf293a2a2022-01-05 09:20:49.711root 11241100x80000000000000006862119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93645696503e47452022-01-05 09:20:49.712root 11241100x80000000000000006862120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2c9e2e9250e5d52022-01-05 09:20:49.712root 11241100x80000000000000006862121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60ea9862dc96bd92022-01-05 09:20:49.712root 11241100x80000000000000006862122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24ab4eac32abfea2022-01-05 09:20:49.712root 11241100x80000000000000006862123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae1f902d64f75052022-01-05 09:20:49.712root 11241100x80000000000000006862124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982d3e69ffcd55de2022-01-05 09:20:49.712root 11241100x80000000000000006862125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8375c87837c59e4f2022-01-05 09:20:49.713root 11241100x80000000000000006862126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b698b299f7ff9b72022-01-05 09:20:49.714root 11241100x80000000000000006862127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0013e153a432ead02022-01-05 09:20:49.714root 11241100x80000000000000006862128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0853012f513b0fa52022-01-05 09:20:49.715root 11241100x80000000000000006862129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9c052b66f0ee372022-01-05 09:20:49.715root 11241100x80000000000000006862130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a786073dd0b5d25b2022-01-05 09:20:49.715root 11241100x80000000000000006862131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489b2ab6faf6902d2022-01-05 09:20:49.716root 11241100x80000000000000006862132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dea00a4f9e9e3512022-01-05 09:20:49.716root 11241100x80000000000000006862133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c29c88b1b906862022-01-05 09:20:49.717root 11241100x80000000000000006862134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d9896c3646d54e2022-01-05 09:20:49.717root 11241100x80000000000000006862135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fcbef6c8914e7f02022-01-05 09:20:49.718root 11241100x80000000000000006862136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43273809843818a92022-01-05 09:20:49.718root 11241100x80000000000000006862137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faacb1cd19e0c5e42022-01-05 09:20:50.209root 11241100x80000000000000006862138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b04fba54d269792022-01-05 09:20:50.209root 11241100x80000000000000006862139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bf0a20875535dd2022-01-05 09:20:50.209root 11241100x80000000000000006862140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0456fdbb092b0062022-01-05 09:20:50.209root 11241100x80000000000000006862141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c63938dd5081b892022-01-05 09:20:50.209root 11241100x80000000000000006862142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53af1d3da34b14eb2022-01-05 09:20:50.209root 11241100x80000000000000006862143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3314fad6d7e1f0752022-01-05 09:20:50.209root 11241100x80000000000000006862144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6f580e969f06512022-01-05 09:20:50.210root 11241100x80000000000000006862145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c606bbd3c1ae33dd2022-01-05 09:20:50.210root 11241100x80000000000000006862146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1e0e05cfd237362022-01-05 09:20:50.210root 11241100x80000000000000006862147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccd9d19d3783e072022-01-05 09:20:50.210root 11241100x80000000000000006862148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1802f5a3e6b9c92022-01-05 09:20:50.210root 11241100x80000000000000006862149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b816cf84b0c0ee2022-01-05 09:20:50.210root 11241100x80000000000000006862150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186e51f96406b5d92022-01-05 09:20:50.210root 11241100x80000000000000006862151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f410e17e06ecf4962022-01-05 09:20:50.210root 11241100x80000000000000006862152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e1d226f3af4f162022-01-05 09:20:50.210root 11241100x80000000000000006862153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b580d4ece4ce36a2022-01-05 09:20:50.211root 11241100x80000000000000006862154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294d51b4945ed5052022-01-05 09:20:50.211root 11241100x80000000000000006862155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd632e5566941bf2022-01-05 09:20:50.211root 11241100x80000000000000006862156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dec2549f4958a1a2022-01-05 09:20:50.211root 11241100x80000000000000006862157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9317b903251d6b2022-01-05 09:20:50.211root 11241100x80000000000000006862158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7b22fa8232cc6d2022-01-05 09:20:50.211root 11241100x80000000000000006862159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be1910e23e250382022-01-05 09:20:50.211root 11241100x80000000000000006862160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51f6b3230778b632022-01-05 09:20:50.212root 11241100x80000000000000006862161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1ab544296832482022-01-05 09:20:50.212root 11241100x80000000000000006862162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd011d6428d6cd7e2022-01-05 09:20:50.212root 11241100x80000000000000006862163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5313dd49fe59952022-01-05 09:20:50.212root 11241100x80000000000000006862164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640d7fb183190e842022-01-05 09:20:50.212root 11241100x80000000000000006862165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecf6e904049e0692022-01-05 09:20:50.212root 11241100x80000000000000006862166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6240c5f5daba6c922022-01-05 09:20:50.213root 11241100x80000000000000006862167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02edeb875b2e0502022-01-05 09:20:50.213root 11241100x80000000000000006862168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d80d31dd72d94c2022-01-05 09:20:50.709root 11241100x80000000000000006862169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c973d4bb9a9126552022-01-05 09:20:50.710root 11241100x80000000000000006862170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eee33d2750e57112022-01-05 09:20:50.710root 11241100x80000000000000006862171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e983d7889380782022-01-05 09:20:50.710root 11241100x80000000000000006862172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6ce15be83d21c92022-01-05 09:20:50.711root 11241100x80000000000000006862173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaee6fc9d1c240f2022-01-05 09:20:50.711root 11241100x80000000000000006862174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10f65169dea86362022-01-05 09:20:50.711root 11241100x80000000000000006862175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb53ca68f1ad2a152022-01-05 09:20:50.711root 11241100x80000000000000006862176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86824c74b610addf2022-01-05 09:20:50.711root 11241100x80000000000000006862177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6985161485e921ca2022-01-05 09:20:50.711root 11241100x80000000000000006862178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39a1591b81f54952022-01-05 09:20:50.712root 11241100x80000000000000006862179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a65ec37b04dae0d2022-01-05 09:20:50.712root 11241100x80000000000000006862180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48470e79d268b1122022-01-05 09:20:50.712root 11241100x80000000000000006862181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b21051ff7eb5b82022-01-05 09:20:50.712root 11241100x80000000000000006862182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7f1baca80f58df2022-01-05 09:20:50.712root 11241100x80000000000000006862183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432a69309e0be23e2022-01-05 09:20:50.712root 11241100x80000000000000006862184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c94ea77f0a6ab92022-01-05 09:20:50.713root 11241100x80000000000000006862185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371b51081a6000eb2022-01-05 09:20:50.713root 11241100x80000000000000006862186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d483c759c4140e4c2022-01-05 09:20:50.713root 11241100x80000000000000006862187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45953f9ebe2cce0b2022-01-05 09:20:50.713root 11241100x80000000000000006862188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833c8747a0cb102a2022-01-05 09:20:50.713root 11241100x80000000000000006862189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f26cd10826a0cb2022-01-05 09:20:50.713root 11241100x80000000000000006862190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4a0ff9e814307a2022-01-05 09:20:50.713root 11241100x80000000000000006862191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ae8b6b2e2c76f22022-01-05 09:20:50.714root 11241100x80000000000000006862192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908a54d32089e6cf2022-01-05 09:20:50.714root 11241100x80000000000000006862193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cc261bb3c980c22022-01-05 09:20:50.716root 11241100x80000000000000006862194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87928b8e7d415f852022-01-05 09:20:50.716root 11241100x80000000000000006862195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b04881cb6ff10172022-01-05 09:20:50.716root 11241100x80000000000000006862196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c6dc0c0a7374c92022-01-05 09:20:51.210root 11241100x80000000000000006862197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e79f79e056cb5162022-01-05 09:20:51.210root 11241100x80000000000000006862198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322f0ed2cc2f6dbe2022-01-05 09:20:51.210root 11241100x80000000000000006862199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb11d183cb4381f2022-01-05 09:20:51.210root 11241100x80000000000000006862200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175a9223c96d4ad62022-01-05 09:20:51.210root 11241100x80000000000000006862201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1214238beddcf6902022-01-05 09:20:51.210root 11241100x80000000000000006862202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86991807453d97cd2022-01-05 09:20:51.210root 11241100x80000000000000006862203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fb776a8e0e71a02022-01-05 09:20:51.210root 11241100x80000000000000006862204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6eef098595bdc42022-01-05 09:20:51.210root 11241100x80000000000000006862205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9b9553e08260642022-01-05 09:20:51.210root 11241100x80000000000000006862206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7b99f53ace39d12022-01-05 09:20:51.210root 11241100x80000000000000006862207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a572db789c9ca5712022-01-05 09:20:51.210root 11241100x80000000000000006862208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6aa2caf3ec8e1632022-01-05 09:20:51.211root 11241100x80000000000000006862209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188463abe0965fd82022-01-05 09:20:51.211root 11241100x80000000000000006862210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131a35c6d98a19d72022-01-05 09:20:51.211root 11241100x80000000000000006862211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b47a5eafd009e72022-01-05 09:20:51.211root 11241100x80000000000000006862212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71d2a1b3ca7e4e72022-01-05 09:20:51.211root 11241100x80000000000000006862213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa79404317493cf2022-01-05 09:20:51.211root 11241100x80000000000000006862214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12cffe25bf818932022-01-05 09:20:51.211root 11241100x80000000000000006862215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77740d22757af0002022-01-05 09:20:51.211root 11241100x80000000000000006862216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04853b18ec2992c72022-01-05 09:20:51.211root 11241100x80000000000000006862217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3878f294122563c92022-01-05 09:20:51.211root 11241100x80000000000000006862218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b8011a52ae13392022-01-05 09:20:51.211root 11241100x80000000000000006862219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73871dfb143c94432022-01-05 09:20:51.211root 11241100x80000000000000006862220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc324104299ccc242022-01-05 09:20:51.211root 11241100x80000000000000006862221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1624a64fd8dfbdf2022-01-05 09:20:51.211root 11241100x80000000000000006862222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059ba7c86fe5f2312022-01-05 09:20:51.211root 11241100x80000000000000006862223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905bd2eae4d3e8402022-01-05 09:20:51.212root 11241100x80000000000000006862224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4331f76acb99df2022-01-05 09:20:51.709root 11241100x80000000000000006862225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc7f93281c31a942022-01-05 09:20:51.709root 11241100x80000000000000006862226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fdae37b97b857102022-01-05 09:20:51.709root 11241100x80000000000000006862227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e5e59be4a561d52022-01-05 09:20:51.709root 11241100x80000000000000006862228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624239b240d152f82022-01-05 09:20:51.709root 11241100x80000000000000006862229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962fe55fee3429f02022-01-05 09:20:51.710root 11241100x80000000000000006862230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3915159bdeefb4622022-01-05 09:20:51.710root 11241100x80000000000000006862231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5c7b2a06bce3f62022-01-05 09:20:51.710root 11241100x80000000000000006862232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c993fe186b28402022-01-05 09:20:51.711root 11241100x80000000000000006862233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326fa34cb0a375062022-01-05 09:20:51.711root 11241100x80000000000000006862234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24eaaf937d7aa0b2022-01-05 09:20:51.711root 11241100x80000000000000006862235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2712fb33080f7632022-01-05 09:20:51.712root 11241100x80000000000000006862236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fda1ffca0bbe7852022-01-05 09:20:51.712root 11241100x80000000000000006862237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b55366283aac51b2022-01-05 09:20:51.712root 11241100x80000000000000006862238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eeda9004112fedf2022-01-05 09:20:51.712root 11241100x80000000000000006862239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3b89ec177abc652022-01-05 09:20:51.713root 11241100x80000000000000006862240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edf79a6fe90b6b92022-01-05 09:20:51.713root 11241100x80000000000000006862241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf84d660847d27b2022-01-05 09:20:51.713root 11241100x80000000000000006862242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a9262b9562a0842022-01-05 09:20:51.713root 11241100x80000000000000006862243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c606e9a1c5336262022-01-05 09:20:51.713root 11241100x80000000000000006862244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b699645795fea1d22022-01-05 09:20:51.713root 11241100x80000000000000006862245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4593753fc7796e8a2022-01-05 09:20:51.713root 11241100x80000000000000006862246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c26dd7ee47199d2022-01-05 09:20:51.713root 11241100x80000000000000006862247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7f8aa97890098b2022-01-05 09:20:51.713root 11241100x80000000000000006862248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1656073db74773c12022-01-05 09:20:51.713root 11241100x80000000000000006862249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb68ef66b7b9b792022-01-05 09:20:51.714root 11241100x80000000000000006862250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6e8336d2b547be2022-01-05 09:20:51.714root 11241100x80000000000000006862251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f31c9a443858aa2022-01-05 09:20:51.714root 11241100x80000000000000006862252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36905e87ee5039e2022-01-05 09:20:51.714root 11241100x80000000000000006862253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f297aad1f7cf7fb62022-01-05 09:20:51.714root 11241100x80000000000000006862254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b42db9796960132022-01-05 09:20:51.714root 11241100x80000000000000006862255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61930dc4c672c782022-01-05 09:20:51.714root 11241100x80000000000000006862256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dba3f1ba055b4a2022-01-05 09:20:51.714root 11241100x80000000000000006862257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f76c623dd6e5d492022-01-05 09:20:51.714root 11241100x80000000000000006862258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e47fb3a9ea468a52022-01-05 09:20:51.714root 354300x80000000000000006862259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.102{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40708-false10.0.1.12-8000- 11241100x80000000000000006862260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d4e15adbb5ab972022-01-05 09:20:52.102root 11241100x80000000000000006862261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c995f71278fdd942022-01-05 09:20:52.102root 11241100x80000000000000006862262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e49773f3f840d12022-01-05 09:20:52.102root 11241100x80000000000000006862263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dcd93f68e33c4a2022-01-05 09:20:52.102root 11241100x80000000000000006862264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e3b96c6fb8956a2022-01-05 09:20:52.103root 11241100x80000000000000006862265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec514a9a2882fe562022-01-05 09:20:52.103root 11241100x80000000000000006862266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a226c112e3a41542022-01-05 09:20:52.103root 11241100x80000000000000006862267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4093758d1d64802022-01-05 09:20:52.103root 11241100x80000000000000006862268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510320d2b6e44ccf2022-01-05 09:20:52.103root 11241100x80000000000000006862269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7caa1ba74919ddff2022-01-05 09:20:52.103root 11241100x80000000000000006862270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e912e1cba29d48ba2022-01-05 09:20:52.103root 11241100x80000000000000006862271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552b0176dd7336652022-01-05 09:20:52.103root 11241100x80000000000000006862272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4074ba41acff24db2022-01-05 09:20:52.103root 11241100x80000000000000006862273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5871c7112135fb2022-01-05 09:20:52.103root 11241100x80000000000000006862274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22af94d71de05d82022-01-05 09:20:52.103root 11241100x80000000000000006862275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55b87769a9800672022-01-05 09:20:52.103root 11241100x80000000000000006862276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5f9ddca89a0c7d2022-01-05 09:20:52.103root 11241100x80000000000000006862277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cad47438afeea652022-01-05 09:20:52.103root 11241100x80000000000000006862278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e317043b6674627b2022-01-05 09:20:52.104root 11241100x80000000000000006862279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33976bad18b25fa42022-01-05 09:20:52.104root 11241100x80000000000000006862280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4928825a54f3722022-01-05 09:20:52.104root 11241100x80000000000000006862281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baea7ecc8bd357ba2022-01-05 09:20:52.104root 11241100x80000000000000006862282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b05d0b25572eedb2022-01-05 09:20:52.104root 11241100x80000000000000006862283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91513b3e095276eb2022-01-05 09:20:52.104root 11241100x80000000000000006862284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501231afb8a6ad8d2022-01-05 09:20:52.104root 11241100x80000000000000006862285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead5a96d8485a5882022-01-05 09:20:52.104root 11241100x80000000000000006862286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff66919032e2a4312022-01-05 09:20:52.104root 11241100x80000000000000006862287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1cf9ad129c278f2022-01-05 09:20:52.104root 11241100x80000000000000006862288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8298ec36cdea712022-01-05 09:20:52.104root 11241100x80000000000000006862289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264173a2a65e622a2022-01-05 09:20:52.104root 11241100x80000000000000006862290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8829beedbd46c1832022-01-05 09:20:52.104root 11241100x80000000000000006862291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4756304b239e480e2022-01-05 09:20:52.105root 11241100x80000000000000006862292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7954c2ef2ef037c2022-01-05 09:20:52.105root 11241100x80000000000000006862293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37738a9cc4107ab42022-01-05 09:20:52.105root 11241100x80000000000000006862294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08817c47a8dcc91a2022-01-05 09:20:52.105root 11241100x80000000000000006862295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f29c4a5e0f1a7b2022-01-05 09:20:52.105root 11241100x80000000000000006862296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6fc71a24f41eca2022-01-05 09:20:52.459root 11241100x80000000000000006862297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d96e63437d340122022-01-05 09:20:52.459root 11241100x80000000000000006862298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0327d65dae0ed02022-01-05 09:20:52.459root 11241100x80000000000000006862299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34593a2fa8873ffb2022-01-05 09:20:52.460root 11241100x80000000000000006862300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6755698504ae292022-01-05 09:20:52.460root 11241100x80000000000000006862301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6795de92d29ed9b2022-01-05 09:20:52.460root 11241100x80000000000000006862302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4731fe6c8df378542022-01-05 09:20:52.460root 11241100x80000000000000006862303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cb5060a9d83ab02022-01-05 09:20:52.460root 11241100x80000000000000006862304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8975e8a07b5bb372022-01-05 09:20:52.460root 11241100x80000000000000006862305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805cdc82debd53352022-01-05 09:20:52.460root 11241100x80000000000000006862306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc007f32c89c06a52022-01-05 09:20:52.460root 11241100x80000000000000006862307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9293c8096c11b5f42022-01-05 09:20:52.460root 11241100x80000000000000006862308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65f092e4226dcc32022-01-05 09:20:52.460root 11241100x80000000000000006862309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01418a0cf8a494b72022-01-05 09:20:52.461root 11241100x80000000000000006862310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8913f153556dfa2022-01-05 09:20:52.461root 11241100x80000000000000006862311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81834a5ec572d8e2022-01-05 09:20:52.461root 11241100x80000000000000006862312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171461f7b0fc9fc62022-01-05 09:20:52.461root 11241100x80000000000000006862313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2369307051b9a972022-01-05 09:20:52.462root 11241100x80000000000000006862314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edba75fbd3d63f152022-01-05 09:20:52.462root 11241100x80000000000000006862315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1e212d05f95b282022-01-05 09:20:52.462root 11241100x80000000000000006862316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64e94e6cd49aff82022-01-05 09:20:52.462root 11241100x80000000000000006862317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c950061a6cbfd69d2022-01-05 09:20:52.462root 11241100x80000000000000006862318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909f1b8ada2031662022-01-05 09:20:52.462root 11241100x80000000000000006862319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bba83735fad60d2022-01-05 09:20:52.462root 11241100x80000000000000006862320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a0d7e8a4da91a12022-01-05 09:20:52.462root 11241100x80000000000000006862321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7260bd0e2172da6f2022-01-05 09:20:52.462root 11241100x80000000000000006862322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df749c93a7a2ece52022-01-05 09:20:52.462root 11241100x80000000000000006862323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fc467d1d51bdc72022-01-05 09:20:52.462root 11241100x80000000000000006862324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f9abfe3b63adc02022-01-05 09:20:52.462root 11241100x80000000000000006862325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79cb50a5d2edf332022-01-05 09:20:52.959root 11241100x80000000000000006862326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d69332d524e29d72022-01-05 09:20:52.959root 11241100x80000000000000006862327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a20a5225d711db2022-01-05 09:20:52.959root 11241100x80000000000000006862328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2915b4107497e22022-01-05 09:20:52.959root 11241100x80000000000000006862329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2950567f2df0240b2022-01-05 09:20:52.960root 11241100x80000000000000006862330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bed77e8fc58e0742022-01-05 09:20:52.960root 11241100x80000000000000006862331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0670cc1d1b0177cc2022-01-05 09:20:52.960root 11241100x80000000000000006862332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3366a138b2098ea62022-01-05 09:20:52.960root 11241100x80000000000000006862333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa9b02f0f33fcd02022-01-05 09:20:52.960root 11241100x80000000000000006862334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f969756da447fbc92022-01-05 09:20:52.960root 11241100x80000000000000006862335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b537da1ce26cf7572022-01-05 09:20:52.961root 11241100x80000000000000006862336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc857bdeda36f122022-01-05 09:20:52.961root 11241100x80000000000000006862337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcde1da2e1f1a4262022-01-05 09:20:52.961root 11241100x80000000000000006862338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e989add25111d1b2022-01-05 09:20:52.962root 11241100x80000000000000006862339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb1aa7cca94c34b2022-01-05 09:20:52.963root 11241100x80000000000000006862340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c60ebd522598de52022-01-05 09:20:52.963root 11241100x80000000000000006862341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e914093e9ed3d82022-01-05 09:20:52.963root 11241100x80000000000000006862342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c1c958e5a84a382022-01-05 09:20:52.965root 11241100x80000000000000006862343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9add3000e1818da2022-01-05 09:20:52.965root 11241100x80000000000000006862344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc57ca3f0f5d885a2022-01-05 09:20:52.965root 11241100x80000000000000006862345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdd120580b8611f2022-01-05 09:20:52.965root 11241100x80000000000000006862346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf944ffbbe1fc872022-01-05 09:20:52.965root 11241100x80000000000000006862347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f498923df508f7632022-01-05 09:20:52.965root 11241100x80000000000000006862348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a43189a62db3cb92022-01-05 09:20:52.966root 11241100x80000000000000006862349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4798ccc8f638f92022-01-05 09:20:52.966root 11241100x80000000000000006862350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9970fd9a80c135952022-01-05 09:20:52.966root 11241100x80000000000000006862351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26042c91decf7412022-01-05 09:20:52.966root 11241100x80000000000000006862352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a248031ba55e8aa2022-01-05 09:20:52.966root 11241100x80000000000000006862353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef6d2bd0fb5d0db2022-01-05 09:20:52.966root 11241100x80000000000000006862354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5af64440f275052022-01-05 09:20:52.966root 11241100x80000000000000006862355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0ef2ee57328ec12022-01-05 09:20:52.967root 11241100x80000000000000006862356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8646da9c98ac4152022-01-05 09:20:52.967root 11241100x80000000000000006862357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1620ee1ef50818e82022-01-05 09:20:52.967root 11241100x80000000000000006862358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b5b187043bfed32022-01-05 09:20:52.967root 11241100x80000000000000006862359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b66cd3a72dee28d2022-01-05 09:20:52.967root 11241100x80000000000000006862360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd558744ee7a07d32022-01-05 09:20:52.967root 11241100x80000000000000006862361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c78e7df13def79f2022-01-05 09:20:52.967root 11241100x80000000000000006862362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5930caa8b345c9272022-01-05 09:20:52.967root 11241100x80000000000000006862363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149362d0fc6911732022-01-05 09:20:52.967root 11241100x80000000000000006862364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1205e1317c6de46a2022-01-05 09:20:53.459root 11241100x80000000000000006862365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469ff1c5a6caf9b52022-01-05 09:20:53.460root 11241100x80000000000000006862366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72500b9afb29de82022-01-05 09:20:53.460root 11241100x80000000000000006862367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0139f8d29da83272022-01-05 09:20:53.460root 11241100x80000000000000006862368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4534a9de22aa503e2022-01-05 09:20:53.460root 11241100x80000000000000006862369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e5376d38cd304c2022-01-05 09:20:53.461root 11241100x80000000000000006862370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1dbefdbcefe9332022-01-05 09:20:53.461root 11241100x80000000000000006862371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4176207fbc791ef92022-01-05 09:20:53.461root 11241100x80000000000000006862372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237b480f89c86c0f2022-01-05 09:20:53.461root 11241100x80000000000000006862373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ac9d443bec25722022-01-05 09:20:53.461root 11241100x80000000000000006862374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94408b54aff5fb112022-01-05 09:20:53.461root 11241100x80000000000000006862375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af962c1ebc5821c2022-01-05 09:20:53.462root 11241100x80000000000000006862376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c89120346a5ae502022-01-05 09:20:53.462root 11241100x80000000000000006862377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f312a84ba7d93d002022-01-05 09:20:53.462root 11241100x80000000000000006862378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d4efbbc7bf166e2022-01-05 09:20:53.462root 11241100x80000000000000006862379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbc0de147e457cc2022-01-05 09:20:53.462root 11241100x80000000000000006862380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ffdcf49015f7642022-01-05 09:20:53.463root 11241100x80000000000000006862381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1f34237e2675822022-01-05 09:20:53.463root 11241100x80000000000000006862382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809c7b1423b49e5d2022-01-05 09:20:53.463root 11241100x80000000000000006862383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef954fd00c2a34f2022-01-05 09:20:53.463root 11241100x80000000000000006862384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f745a5ae1f0f5362022-01-05 09:20:53.463root 11241100x80000000000000006862385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1527c0b91b8fb6bc2022-01-05 09:20:53.463root 11241100x80000000000000006862386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e19da9c28d9b5b2022-01-05 09:20:53.464root 11241100x80000000000000006862387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9916066279d7102022-01-05 09:20:53.464root 11241100x80000000000000006862388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0290dd1d259b74612022-01-05 09:20:53.464root 11241100x80000000000000006862389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123feb80ff8354662022-01-05 09:20:53.464root 11241100x80000000000000006862390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcb87bdc93f28322022-01-05 09:20:53.465root 11241100x80000000000000006862391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cca9591de183d92022-01-05 09:20:53.465root 11241100x80000000000000006862392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3dbe7a6005087a72022-01-05 09:20:53.466root 11241100x80000000000000006862393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7b8e7ee398c2b72022-01-05 09:20:53.466root 11241100x80000000000000006862394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309f3aaab900e39c2022-01-05 09:20:53.959root 11241100x80000000000000006862395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e6592edbdfeda52022-01-05 09:20:53.960root 11241100x80000000000000006862396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68267d31cb6290f02022-01-05 09:20:53.960root 11241100x80000000000000006862397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f4f6244ff162792022-01-05 09:20:53.960root 11241100x80000000000000006862398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c321b5557cf21c892022-01-05 09:20:53.960root 11241100x80000000000000006862399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afd9052474020c52022-01-05 09:20:53.961root 11241100x80000000000000006862400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40253f037e93da552022-01-05 09:20:53.961root 11241100x80000000000000006862401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7e5fed95443c2f2022-01-05 09:20:53.961root 11241100x80000000000000006862402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3599aaeacfdb292022-01-05 09:20:53.961root 11241100x80000000000000006862403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc74f2f73d34a5e52022-01-05 09:20:53.961root 11241100x80000000000000006862404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e782f8144fde97c2022-01-05 09:20:53.961root 11241100x80000000000000006862405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488356b59c9bc9372022-01-05 09:20:53.961root 11241100x80000000000000006862406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d629b9b597ef8d472022-01-05 09:20:53.961root 11241100x80000000000000006862407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db66b7954a841872022-01-05 09:20:53.961root 11241100x80000000000000006862408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bcdd4d320069a12022-01-05 09:20:53.962root 11241100x80000000000000006862409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4c132259e6ff542022-01-05 09:20:53.962root 11241100x80000000000000006862410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e60d78b592ced62022-01-05 09:20:53.962root 11241100x80000000000000006862411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97bb86b0391fe852022-01-05 09:20:53.962root 11241100x80000000000000006862412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e406ce74cac38c272022-01-05 09:20:53.962root 11241100x80000000000000006862413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac722d8a73dd3842022-01-05 09:20:53.962root 11241100x80000000000000006862414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1474fc37d99302742022-01-05 09:20:53.962root 11241100x80000000000000006862415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbfc482307dab252022-01-05 09:20:53.962root 11241100x80000000000000006862416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3986130a4ebe252022-01-05 09:20:53.962root 11241100x80000000000000006862417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab507b1e0303ff12022-01-05 09:20:53.962root 11241100x80000000000000006862418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ee0e8aa0ec35592022-01-05 09:20:53.963root 11241100x80000000000000006862419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77213a389efb1b0e2022-01-05 09:20:53.963root 11241100x80000000000000006862420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd07ce0497d152952022-01-05 09:20:53.963root 11241100x80000000000000006862421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce3f04ce324ec6f2022-01-05 09:20:53.963root 11241100x80000000000000006862422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffc3f0718329e142022-01-05 09:20:53.963root 11241100x80000000000000006862423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e0904c4b0bff702022-01-05 09:20:53.963root 11241100x80000000000000006862424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4780391c0c9cea72022-01-05 09:20:53.963root 11241100x80000000000000006862425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623434afa281fb172022-01-05 09:20:54.459root 11241100x80000000000000006862426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966d8d1c4b86ac4a2022-01-05 09:20:54.459root 11241100x80000000000000006862427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f2394d378e4f962022-01-05 09:20:54.459root 11241100x80000000000000006862428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387c5ec2d54fcce62022-01-05 09:20:54.459root 11241100x80000000000000006862429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ef6d6d88c3355f2022-01-05 09:20:54.459root 11241100x80000000000000006862430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fc3cc94d9ef2d12022-01-05 09:20:54.460root 11241100x80000000000000006862431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4f84eedb8349a62022-01-05 09:20:54.460root 11241100x80000000000000006862432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22dae7b354f47762022-01-05 09:20:54.460root 11241100x80000000000000006862433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cfcf4e154440bd2022-01-05 09:20:54.460root 11241100x80000000000000006862434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc8fd0e9c8faf4e2022-01-05 09:20:54.460root 11241100x80000000000000006862435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e64c04bdcfa45cc2022-01-05 09:20:54.461root 11241100x80000000000000006862436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6263d6b40d666d42022-01-05 09:20:54.461root 11241100x80000000000000006862437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c7176c0802e2a42022-01-05 09:20:54.461root 11241100x80000000000000006862438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d80d9258a170722022-01-05 09:20:54.461root 11241100x80000000000000006862439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5f417b938d52e42022-01-05 09:20:54.461root 11241100x80000000000000006862440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e0e32c0d67bcfa2022-01-05 09:20:54.461root 11241100x80000000000000006862441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa0985b0ace15a62022-01-05 09:20:54.461root 11241100x80000000000000006862442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aef4d0d41e871d42022-01-05 09:20:54.461root 11241100x80000000000000006862443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d204fee719aa05732022-01-05 09:20:54.461root 23542300x80000000000000006862493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:02.404{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006862494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:02.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fad299923a38dba2022-01-05 09:21:02.709root 354300x80000000000000006862495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:03.126{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40712-false10.0.1.12-8000- 11241100x80000000000000006862496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:03.126{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdf08156c1903cb2022-01-05 09:21:03.126root 11241100x80000000000000006862497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:03.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27702a9999ee79962022-01-05 09:21:03.459root 11241100x80000000000000006862498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:03.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a980dd5d353c68d22022-01-05 09:21:03.459root 11241100x80000000000000006862499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:03.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f064e647615940d2022-01-05 09:21:03.959root 11241100x80000000000000006862500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:03.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a3a47276371ee12022-01-05 09:21:03.959root 11241100x80000000000000006862501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:04.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5400f4f561ddaf72022-01-05 09:21:04.459root 11241100x80000000000000006862502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:04.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b504d089a8865b5f2022-01-05 09:21:04.459root 11241100x80000000000000006862503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:04.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158db5303a4a52812022-01-05 09:21:04.959root 11241100x80000000000000006862504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:04.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d125de84f89add752022-01-05 09:21:04.959root 11241100x80000000000000006862505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3e8f60ef556cd72022-01-05 09:21:05.459root 11241100x80000000000000006862506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24de76b914ce6e52022-01-05 09:21:05.459root 11241100x80000000000000006862507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:05.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012a1489f2b311dd2022-01-05 09:21:05.959root 11241100x80000000000000006862508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:05.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59e8ca0825ea2732022-01-05 09:21:05.959root 11241100x80000000000000006862509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5d8c1dc98a820b2022-01-05 09:21:06.459root 11241100x80000000000000006862510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871ef99c61cef0dc2022-01-05 09:21:06.459root 154100x80000000000000006862511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:06.821{ec2e79f3-6302-61d5-6894-823ff8550000}22932/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 11241100x80000000000000006862512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:06.822{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab5b6d12b2be8be2022-01-05 09:21:06.822root 11241100x80000000000000006862513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:06.822{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8669827e8f98de3d2022-01-05 09:21:06.822root 534500x80000000000000006862514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:06.838{ec2e79f3-6302-61d5-6894-823ff8550000}22932/bin/psroot 11241100x80000000000000006862515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98fcde31e68c40b2022-01-05 09:21:07.209root 11241100x80000000000000006862516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c0921ace9d016f2022-01-05 09:21:07.209root 11241100x80000000000000006862517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0d9e6cdef53b802022-01-05 09:21:07.209root 11241100x80000000000000006862518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea93775b123ae8342022-01-05 09:21:07.209root 11241100x80000000000000006862519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b96c7f4652d7042022-01-05 09:21:07.709root 11241100x80000000000000006862520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe0a23c899a8fe12022-01-05 09:21:07.709root 11241100x80000000000000006862521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f7d84d6f7503d62022-01-05 09:21:07.709root 11241100x80000000000000006862522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898972d264e3d6b92022-01-05 09:21:07.709root 11241100x80000000000000006862523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:08.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb5b6279944ac112022-01-05 09:21:08.209root 11241100x80000000000000006862524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:08.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b73e0cb702d21e52022-01-05 09:21:08.209root 11241100x80000000000000006862525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:08.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d811f7e02bef9f2022-01-05 09:21:08.209root 11241100x80000000000000006862526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:08.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305a913d710e74262022-01-05 09:21:08.209root 11241100x80000000000000006862527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:08.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37f1008dac2655e2022-01-05 09:21:08.709root 11241100x80000000000000006862528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:08.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b568f94871b05a12022-01-05 09:21:08.709root 11241100x80000000000000006862529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fe0f017eea045f2022-01-05 09:21:08.710root 11241100x80000000000000006862530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769a32849000bab12022-01-05 09:21:08.710root 354300x80000000000000006862531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.020{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40714-false10.0.1.12-8000- 11241100x80000000000000006862532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.021{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1bf328d4a77d472022-01-05 09:21:09.021root 11241100x80000000000000006862533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.022{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffb4fa817d935042022-01-05 09:21:09.022root 11241100x80000000000000006862534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.022{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dddd31775738d562022-01-05 09:21:09.022root 11241100x80000000000000006862535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.022{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c8d7ef32d22a9c2022-01-05 09:21:09.022root 11241100x80000000000000006862536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.022{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9ee87b6fa33b9d2022-01-05 09:21:09.022root 11241100x80000000000000006862537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186322bfb4516f7c2022-01-05 09:21:09.459root 11241100x80000000000000006862538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590c8688744aab612022-01-05 09:21:09.459root 11241100x80000000000000006862539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebabd1598a2438622022-01-05 09:21:09.460root 11241100x80000000000000006862540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121fb94e8a7bfcaa2022-01-05 09:21:09.460root 11241100x80000000000000006862541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920db5d7dd764f2a2022-01-05 09:21:09.460root 11241100x80000000000000006862542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72decb2d1199e5222022-01-05 09:21:09.959root 11241100x80000000000000006862543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9805a916da37f1182022-01-05 09:21:09.959root 11241100x80000000000000006862544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37733d053201a1702022-01-05 09:21:09.960root 11241100x80000000000000006862545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c018b298b57f5a352022-01-05 09:21:09.960root 11241100x80000000000000006862546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c12f4d42ee877582022-01-05 09:21:09.960root 11241100x80000000000000006862547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f8a22304d71c752022-01-05 09:21:10.459root 11241100x80000000000000006862548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b2d204a72180b42022-01-05 09:21:10.459root 11241100x80000000000000006862549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57058f48ba3b0e812022-01-05 09:21:10.460root 11241100x80000000000000006862550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0674dc41cb1b8a2022-01-05 09:21:10.460root 11241100x80000000000000006862551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf7f78aa7c38c402022-01-05 09:21:10.460root 11241100x80000000000000006862552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1394f1ace013a252022-01-05 09:21:10.959root 11241100x80000000000000006862553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a905b14f2b6daa72022-01-05 09:21:10.959root 11241100x80000000000000006862554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eed6a3c7f971e262022-01-05 09:21:10.960root 11241100x80000000000000006862555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4ce18d993d55042022-01-05 09:21:10.960root 11241100x80000000000000006862556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca4775f2a53335c2022-01-05 09:21:10.960root 11241100x80000000000000006862557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81a940d45d91a592022-01-05 09:21:11.459root 11241100x80000000000000006862558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9a16939b02b4a12022-01-05 09:21:11.459root 11241100x80000000000000006862559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfa67c24fc644562022-01-05 09:21:11.459root 11241100x80000000000000006862560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4c97739bef7e8d2022-01-05 09:21:11.460root 11241100x80000000000000006862561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f39a8dfccab68542022-01-05 09:21:11.460root 11241100x80000000000000006862562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681af5f4e75fb16e2022-01-05 09:21:11.959root 11241100x80000000000000006862563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f68260acad09102022-01-05 09:21:11.959root 11241100x80000000000000006862564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d4463bf53e78502022-01-05 09:21:11.960root 11241100x80000000000000006862565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0069d12e4e03b62022-01-05 09:21:11.960root 11241100x80000000000000006862566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f26db64bde0f7e2022-01-05 09:21:11.960root 11241100x80000000000000006862567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5fa865057c749f2022-01-05 09:21:12.459root 11241100x80000000000000006862568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a67d6c9a42d26352022-01-05 09:21:12.459root 11241100x80000000000000006862569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f88dc65dc280692022-01-05 09:21:12.459root 11241100x80000000000000006862570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0622c7e062e8b0152022-01-05 09:21:12.460root 11241100x80000000000000006862571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa51e2f227b813162022-01-05 09:21:12.460root 11241100x80000000000000006862572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938dd261318626202022-01-05 09:21:12.959root 11241100x80000000000000006862573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcf26021e6f9c682022-01-05 09:21:12.959root 11241100x80000000000000006862574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bd6a45c98392ff2022-01-05 09:21:12.959root 11241100x80000000000000006862575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3301b6e7bfe3c23f2022-01-05 09:21:12.960root 11241100x80000000000000006862576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee01f3541a6707d02022-01-05 09:21:12.960root 11241100x80000000000000006862577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8530b1d88e2247022022-01-05 09:21:13.459root 11241100x80000000000000006862578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927a9804758efeeb2022-01-05 09:21:13.459root 11241100x80000000000000006862579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13082d4e5ab312052022-01-05 09:21:13.459root 11241100x80000000000000006862580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3961de38f50d50a2022-01-05 09:21:13.460root 11241100x80000000000000006862581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef7bf4a71b5562f2022-01-05 09:21:13.460root 11241100x80000000000000006862582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d06da53053767df2022-01-05 09:21:13.959root 11241100x80000000000000006862583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a69f7c64c6d64d2022-01-05 09:21:13.959root 11241100x80000000000000006862584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ef6924412292ec2022-01-05 09:21:13.959root 11241100x80000000000000006862585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2007ca04b9f535022022-01-05 09:21:13.959root 11241100x80000000000000006862586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4303b5458d2f8ed2022-01-05 09:21:13.960root 354300x80000000000000006862587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.155{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40716-false10.0.1.12-8000- 11241100x80000000000000006862588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38845d6e7af7bb962022-01-05 09:21:14.460root 11241100x80000000000000006862589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2b4c507f8c7e5e2022-01-05 09:21:14.461root 11241100x80000000000000006862590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd950309aa2414ed2022-01-05 09:21:14.461root 11241100x80000000000000006862591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e198116155b5c052022-01-05 09:21:14.461root 11241100x80000000000000006862592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35714d849fc725012022-01-05 09:21:14.462root 11241100x80000000000000006862593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6bd0f565d57b222022-01-05 09:21:14.462root 11241100x80000000000000006862594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f83d069b0681b22022-01-05 09:21:14.959root 11241100x80000000000000006862595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ad02ae24c028ce2022-01-05 09:21:14.959root 11241100x80000000000000006862596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c699805fc7abc4962022-01-05 09:21:14.959root 11241100x80000000000000006862597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de0ace36907a92f2022-01-05 09:21:14.959root 11241100x80000000000000006862598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7fdf57d145db312022-01-05 09:21:14.959root 11241100x80000000000000006862599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c842c826c456372022-01-05 09:21:14.959root 11241100x80000000000000006862600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4c2667cc2186472022-01-05 09:21:15.459root 11241100x80000000000000006862601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e755cdf93c95f62022-01-05 09:21:15.459root 11241100x80000000000000006862602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d71baa7ff67d842022-01-05 09:21:15.459root 11241100x80000000000000006862603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f766e654e06e132022-01-05 09:21:15.459root 11241100x80000000000000006862604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fcc7905a114b782022-01-05 09:21:15.459root 11241100x80000000000000006862605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8d7132e55b57702022-01-05 09:21:15.459root 11241100x80000000000000006862606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79361d9c7b1fdd962022-01-05 09:21:15.959root 11241100x80000000000000006862607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2978949c417991512022-01-05 09:21:15.959root 11241100x80000000000000006862608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191d70d9dc9525832022-01-05 09:21:15.959root 11241100x80000000000000006862609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546fed912943a2982022-01-05 09:21:15.959root 11241100x80000000000000006862610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c686d58731547a552022-01-05 09:21:15.959root 11241100x80000000000000006862611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354f762e72c3cc262022-01-05 09:21:15.959root 11241100x80000000000000006862612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ac825bc9fd9e8d2022-01-05 09:21:16.459root 11241100x80000000000000006862613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46662185773ca90d2022-01-05 09:21:16.459root 11241100x80000000000000006862614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2452938c2456c32022-01-05 09:21:16.459root 11241100x80000000000000006862615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacb623d6f33f68c2022-01-05 09:21:16.459root 11241100x80000000000000006862616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3455c5a8a91b6a62022-01-05 09:21:16.459root 11241100x80000000000000006862617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95591dd3d79d27c2022-01-05 09:21:16.459root 11241100x80000000000000006862618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bcaeb40baf55af2022-01-05 09:21:16.959root 11241100x80000000000000006862619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9a0a89152c13722022-01-05 09:21:16.959root 11241100x80000000000000006862620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344c06174f2cec902022-01-05 09:21:16.959root 11241100x80000000000000006862621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9875cae6ff7affc2022-01-05 09:21:16.959root 11241100x80000000000000006862622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0e9ce2def509722022-01-05 09:21:16.959root 11241100x80000000000000006862623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdadc78f83ab96d2022-01-05 09:21:16.960root 11241100x80000000000000006862624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a446192dad07369f2022-01-05 09:21:17.459root 11241100x80000000000000006862625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13473249033eae9c2022-01-05 09:21:17.459root 11241100x80000000000000006862626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5785897110ff2442022-01-05 09:21:17.459root 11241100x80000000000000006862627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e03e91121ac27812022-01-05 09:21:17.459root 11241100x80000000000000006862628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fed82adb907bfa2022-01-05 09:21:17.459root 11241100x80000000000000006862629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbcafc985249fbb2022-01-05 09:21:17.459root 11241100x80000000000000006862630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eee94ec955bc29f2022-01-05 09:21:17.959root 11241100x80000000000000006862631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c1660193bdc53c2022-01-05 09:21:17.959root 11241100x80000000000000006862632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71033fc1169423d72022-01-05 09:21:17.959root 11241100x80000000000000006862633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f278439ebfdc072022-01-05 09:21:17.959root 11241100x80000000000000006862634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98507bdf79eb73362022-01-05 09:21:17.959root 11241100x80000000000000006862635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2624f7f4a1ccf4e2022-01-05 09:21:17.959root 11241100x80000000000000006862636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16039a8dcc3ab09e2022-01-05 09:21:18.459root 11241100x80000000000000006862637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548c128f9e0260fb2022-01-05 09:21:18.459root 11241100x80000000000000006862638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bdf2bf0a4c72962022-01-05 09:21:18.459root 11241100x80000000000000006862639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8742fd3228e96d5f2022-01-05 09:21:18.459root 11241100x80000000000000006862640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b34e37dcdaf3372022-01-05 09:21:18.459root 11241100x80000000000000006862641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6293c33b5c01574d2022-01-05 09:21:18.460root 11241100x80000000000000006862642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9882ed1504e0dc42022-01-05 09:21:18.959root 11241100x80000000000000006862643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6638be504839372022-01-05 09:21:18.959root 11241100x80000000000000006862644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed97601a1cb6dafb2022-01-05 09:21:18.959root 11241100x80000000000000006862645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0834da193f3433822022-01-05 09:21:18.959root 11241100x80000000000000006862646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae41deb7fc7bac142022-01-05 09:21:18.959root 11241100x80000000000000006862647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677e29ef6a96512a2022-01-05 09:21:18.959root 11241100x80000000000000006862648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d91cd6cc5ddb7882022-01-05 09:21:19.459root 11241100x80000000000000006862649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d5051a6c1d9da42022-01-05 09:21:19.459root 11241100x80000000000000006862650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe64eafb6a6d51b2022-01-05 09:21:19.460root 11241100x80000000000000006862651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadd322e20bab0d12022-01-05 09:21:19.460root 11241100x80000000000000006862652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9bbb8eed5824e62022-01-05 09:21:19.460root 11241100x80000000000000006862653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7931fe5f100f9d072022-01-05 09:21:19.460root 11241100x80000000000000006862654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49dd52ee8cb62a42022-01-05 09:21:19.959root 11241100x80000000000000006862655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f02b94abe5bdba2022-01-05 09:21:19.959root 11241100x80000000000000006862656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e4c350090effdb2022-01-05 09:21:19.959root 11241100x80000000000000006862657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600e1d50b54e0d162022-01-05 09:21:19.959root 11241100x80000000000000006862658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d196b80bcfae9cdb2022-01-05 09:21:19.959root 11241100x80000000000000006862659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ca67500e82194f2022-01-05 09:21:19.959root 354300x80000000000000006862660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.029{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40718-false10.0.1.12-8000- 11241100x80000000000000006862661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddb4acb0b0660c12022-01-05 09:21:20.459root 11241100x80000000000000006862662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267ab74d0b636edc2022-01-05 09:21:20.459root 11241100x80000000000000006862663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d28f70f9b6bc142022-01-05 09:21:20.459root 11241100x80000000000000006862664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac7be9dd931a8fd2022-01-05 09:21:20.459root 11241100x80000000000000006862665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efe191584885e102022-01-05 09:21:20.459root 11241100x80000000000000006862666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f965e7f70fb8262022-01-05 09:21:20.459root 11241100x80000000000000006862667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357720acda97eab62022-01-05 09:21:20.460root 11241100x80000000000000006862668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab4cc186450d4802022-01-05 09:21:20.959root 11241100x80000000000000006862669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042b9a5cb967d07f2022-01-05 09:21:20.959root 11241100x80000000000000006862670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc00c6443d492092022-01-05 09:21:20.959root 11241100x80000000000000006862671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fa84ec53ee41672022-01-05 09:21:20.959root 11241100x80000000000000006862672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5766df4daf1d03952022-01-05 09:21:20.959root 11241100x80000000000000006862673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e7d1fd98e94fa92022-01-05 09:21:20.959root 11241100x80000000000000006862674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e242bb4190cd57b2022-01-05 09:21:20.960root 11241100x80000000000000006862675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7724dae5e5a896842022-01-05 09:21:21.459root 11241100x80000000000000006862676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8131e68e29a3678b2022-01-05 09:21:21.459root 11241100x80000000000000006862677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aba581a64c898c12022-01-05 09:21:21.459root 11241100x80000000000000006862678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a05d1dcd2404bcd2022-01-05 09:21:21.459root 11241100x80000000000000006862679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1da28ad215d5762022-01-05 09:21:21.459root 11241100x80000000000000006862680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440335e55207a4132022-01-05 09:21:21.459root 11241100x80000000000000006862681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ad1a114aaae1932022-01-05 09:21:21.460root 11241100x80000000000000006862682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b62877c8e2406c2022-01-05 09:21:21.959root 11241100x80000000000000006862683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8008965cd113945c2022-01-05 09:21:21.959root 11241100x80000000000000006862684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408b5b9822c8d9912022-01-05 09:21:21.959root 11241100x80000000000000006862685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a4d6227c4d03542022-01-05 09:21:21.959root 11241100x80000000000000006862686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84217f6b376b089a2022-01-05 09:21:21.960root 11241100x80000000000000006862687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2edfa5794462122022-01-05 09:21:21.960root 11241100x80000000000000006862688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa1f593dfc97fec2022-01-05 09:21:21.960root 11241100x80000000000000006862689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0f8f0ddd94f35f2022-01-05 09:21:22.459root 11241100x80000000000000006862690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce6fcef9a15e3232022-01-05 09:21:22.459root 11241100x80000000000000006862691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29d157b6e2d05ca2022-01-05 09:21:22.459root 11241100x80000000000000006862692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97c6367397f5cec2022-01-05 09:21:22.459root 11241100x80000000000000006862693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c903fbf2588a00e2022-01-05 09:21:22.460root 11241100x80000000000000006862694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8328ed4958fdf82e2022-01-05 09:21:22.460root 11241100x80000000000000006862695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bef03db99016522022-01-05 09:21:22.460root 11241100x80000000000000006862696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad3d7a57c2a6c762022-01-05 09:21:22.959root 11241100x80000000000000006862697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143c0f9889155cee2022-01-05 09:21:22.959root 11241100x80000000000000006862698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa30b9d311f2e612022-01-05 09:21:22.959root 11241100x80000000000000006862699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f0ac4df46803632022-01-05 09:21:22.959root 11241100x80000000000000006862700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dfcc22e4e2ed7b2022-01-05 09:21:22.960root 11241100x80000000000000006862701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5078ca45af3483222022-01-05 09:21:22.960root 11241100x80000000000000006862702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772cf29694fa6ff92022-01-05 09:21:22.960root 11241100x80000000000000006862703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a597837b2ef76722022-01-05 09:21:23.459root 11241100x80000000000000006862704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4a6bba691c41d62022-01-05 09:21:23.459root 11241100x80000000000000006862705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64fe6738d4c98cee2022-01-05 09:21:23.459root 11241100x80000000000000006862706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea76257ef7f40082022-01-05 09:21:23.459root 11241100x80000000000000006862707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f022a963b8754e2022-01-05 09:21:23.460root 11241100x80000000000000006862708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cef5c7c8800f422022-01-05 09:21:23.460root 11241100x80000000000000006862709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa14a6564f0572242022-01-05 09:21:23.460root 11241100x80000000000000006862710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d073fd6551d3d1902022-01-05 09:21:23.959root 11241100x80000000000000006862711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fc3de75e3510682022-01-05 09:21:23.959root 11241100x80000000000000006862712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e128025efd146112022-01-05 09:21:23.959root 11241100x80000000000000006862713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9a7d442c762ae02022-01-05 09:21:23.960root 11241100x80000000000000006862714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b015a54bb5006cb62022-01-05 09:21:23.960root 11241100x80000000000000006862715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6a58279405452f2022-01-05 09:21:23.960root 11241100x80000000000000006862716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c44b8bef46e1c4c2022-01-05 09:21:23.960root 11241100x80000000000000006862717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d8a1575cea3a1d2022-01-05 09:21:24.459root 11241100x80000000000000006862718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dfee91944fc0f12022-01-05 09:21:24.459root 11241100x80000000000000006862719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c22d746a74c6072022-01-05 09:21:24.459root 11241100x80000000000000006862720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d8cf983c8d87e42022-01-05 09:21:24.459root 11241100x80000000000000006862721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9825c520b5c1bf2022-01-05 09:21:24.460root 11241100x80000000000000006862722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d41e57b8c25976e2022-01-05 09:21:24.460root 11241100x80000000000000006862723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1aefdc6fa373442022-01-05 09:21:24.460root 23542300x80000000000000006862724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.876{ec2e79f3-62f8-61d5-8032-ea98a1550000}22931root/bin/nano/etc/.doas.conf.swp--- 534500x80000000000000006862725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.876{ec2e79f3-62f8-61d5-8032-ea98a1550000}22931/bin/nanoroot 11241100x80000000000000006862726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.877{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9e74ffbdd2873b2022-01-05 09:21:24.877root 11241100x80000000000000006862727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.877{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc0055f791412e62022-01-05 09:21:24.877root 11241100x80000000000000006862728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.877{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9594d2ca90def22022-01-05 09:21:24.877root 11241100x80000000000000006862729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.877{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ca6ceb69dfdb7a2022-01-05 09:21:24.877root 11241100x80000000000000006862730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.878{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a26f1aa85b471062022-01-05 09:21:24.878root 11241100x80000000000000006862731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.878{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e646e0f0c5c924af2022-01-05 09:21:24.878root 11241100x80000000000000006862732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.878{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62877e54d175d4162022-01-05 09:21:24.878root 534500x80000000000000006862733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.877{ec2e79f3-62f8-61d5-082e-1b6615560000}22930/usr/bin/sudoroot 11241100x80000000000000006862734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.878{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c53ec808fcc456a2022-01-05 09:21:24.878root 11241100x80000000000000006862735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.878{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d419f6511ee5adb52022-01-05 09:21:24.878root 11241100x80000000000000006862736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb941ce80527d032022-01-05 09:21:25.209root 11241100x80000000000000006862737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8010306a9778effa2022-01-05 09:21:25.209root 11241100x80000000000000006862738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626c7ba121970a502022-01-05 09:21:25.210root 11241100x80000000000000006862739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ba5b9de13bffbb2022-01-05 09:21:25.210root 11241100x80000000000000006862740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4bf5193ed34b0d2022-01-05 09:21:25.210root 11241100x80000000000000006862741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8837edf6933834a92022-01-05 09:21:25.210root 11241100x80000000000000006862742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abff7eaee12e0002022-01-05 09:21:25.210root 11241100x80000000000000006862743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5804918c1557d1772022-01-05 09:21:25.210root 11241100x80000000000000006862744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30678c1a77b35fe2022-01-05 09:21:25.210root 11241100x80000000000000006862745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5d3cbbffc783bb2022-01-05 09:21:25.210root 11241100x80000000000000006862746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dbad059168b43c2022-01-05 09:21:25.709root 11241100x80000000000000006862747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c26d04f5acda692022-01-05 09:21:25.710root 11241100x80000000000000006862748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b218424f0565582c2022-01-05 09:21:25.710root 11241100x80000000000000006862749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d2ecfae27bdfa22022-01-05 09:21:25.710root 11241100x80000000000000006862750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07dfaa8e5e07fbda2022-01-05 09:21:25.710root 11241100x80000000000000006862751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcaeabc03e303a672022-01-05 09:21:25.710root 11241100x80000000000000006862752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26f3be67f991d0d2022-01-05 09:21:25.710root 11241100x80000000000000006862753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726cb9c7d07e5bd12022-01-05 09:21:25.710root 11241100x80000000000000006862754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fed1e8cf8e793e62022-01-05 09:21:25.710root 11241100x80000000000000006862755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f87fdbbc03be702022-01-05 09:21:25.710root 354300x80000000000000006862756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.013{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40720-false10.0.1.12-8000- 11241100x80000000000000006862757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.014{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21dc06fcbf0e0fdc2022-01-05 09:21:26.014root 11241100x80000000000000006862758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.014{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777e9bb8adcd1af22022-01-05 09:21:26.014root 11241100x80000000000000006862759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.014{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c587cb2c76873af2022-01-05 09:21:26.014root 11241100x80000000000000006862760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.014{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aad359e4c861d3d2022-01-05 09:21:26.014root 11241100x80000000000000006862761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.014{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1430dd6b47ec2bc2022-01-05 09:21:26.014root 11241100x80000000000000006862762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.015{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7849dc788fd83c02022-01-05 09:21:26.015root 11241100x80000000000000006862763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.015{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985e7a99da2c7bfa2022-01-05 09:21:26.015root 11241100x80000000000000006862764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.015{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ba5f3c36b8f5512022-01-05 09:21:26.015root 11241100x80000000000000006862765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.015{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4214fe36d88b5222022-01-05 09:21:26.015root 11241100x80000000000000006862766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.015{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b61c701f81dfe72022-01-05 09:21:26.015root 11241100x80000000000000006862767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.015{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f97bbd43b44ae92022-01-05 09:21:26.015root 11241100x80000000000000006862768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a01092423e9b9a2022-01-05 09:21:26.459root 11241100x80000000000000006862769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58794919868b70af2022-01-05 09:21:26.459root 11241100x80000000000000006862770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e295a7c99bee4e2022-01-05 09:21:26.459root 11241100x80000000000000006862771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f3d8f552f1b3532022-01-05 09:21:26.459root 11241100x80000000000000006862772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99de5641bc500f392022-01-05 09:21:26.460root 11241100x80000000000000006862773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4784fb384d8ed90b2022-01-05 09:21:26.460root 11241100x80000000000000006862774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7783035803f699fa2022-01-05 09:21:26.460root 11241100x80000000000000006862775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493065d0a05bef052022-01-05 09:21:26.460root 11241100x80000000000000006862776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f824170da0931c52022-01-05 09:21:26.460root 11241100x80000000000000006862777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dea7970529ff3662022-01-05 09:21:26.460root 11241100x80000000000000006862778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c30180f000f6342022-01-05 09:21:26.460root 11241100x80000000000000006862779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e233d526fa1f9532022-01-05 09:21:26.959root 11241100x80000000000000006862780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56fcbc796eb46ded2022-01-05 09:21:26.959root 11241100x80000000000000006862781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0698f307fe77ef02022-01-05 09:21:26.960root 11241100x80000000000000006862782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a4b948fc0767382022-01-05 09:21:26.960root 11241100x80000000000000006862783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c4a1fd55daa15a2022-01-05 09:21:26.960root 11241100x80000000000000006862784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809ff14f3b469d802022-01-05 09:21:26.960root 11241100x80000000000000006862785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3d32b1f980ca692022-01-05 09:21:26.960root 11241100x80000000000000006862786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce6ad14a585d9b92022-01-05 09:21:26.960root 11241100x80000000000000006862787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71c92b0f24f5fd82022-01-05 09:21:26.960root 11241100x80000000000000006862788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b28dc7ddce995e32022-01-05 09:21:26.960root 11241100x80000000000000006862789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abf0f2c742a889c2022-01-05 09:21:26.961root 11241100x80000000000000006862790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7017733bb6b100c2022-01-05 09:21:27.459root 11241100x80000000000000006862791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292e296efa22d76a2022-01-05 09:21:27.459root 11241100x80000000000000006862792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d03865185381dc52022-01-05 09:21:27.459root 11241100x80000000000000006862793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29eafc37ade9c8f62022-01-05 09:21:27.459root 11241100x80000000000000006862794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9d92a506a48da72022-01-05 09:21:27.460root 11241100x80000000000000006862795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de0b3090ce21c8a2022-01-05 09:21:27.460root 11241100x80000000000000006862796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f862d302ba27efc42022-01-05 09:21:27.460root 11241100x80000000000000006862797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1b8d99a245fab42022-01-05 09:21:27.460root 11241100x80000000000000006862798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365aeb61a5e2de082022-01-05 09:21:27.460root 11241100x80000000000000006862799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9232c26f499e6a02022-01-05 09:21:27.460root 11241100x80000000000000006862800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c23825ed8494ff2022-01-05 09:21:27.461root 11241100x80000000000000006862801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247ede24fc1977372022-01-05 09:21:27.959root 11241100x80000000000000006862802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec7cc6f88a8db732022-01-05 09:21:27.959root 11241100x80000000000000006862803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401830b3576e06fc2022-01-05 09:21:27.959root 11241100x80000000000000006862804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13dd70685ce570a22022-01-05 09:21:27.960root 11241100x80000000000000006862805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2550d01d768c3aa42022-01-05 09:21:27.960root 11241100x80000000000000006862806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751c9aef86c12d102022-01-05 09:21:27.960root 11241100x80000000000000006862807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf485a264556b2572022-01-05 09:21:27.960root 11241100x80000000000000006862808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95495908467166bf2022-01-05 09:21:27.960root 11241100x80000000000000006862809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac30fe9b825392b72022-01-05 09:21:27.960root 11241100x80000000000000006862810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ba1b334c66fcd92022-01-05 09:21:27.960root 11241100x80000000000000006862811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f840f2bcd06689772022-01-05 09:21:27.961root 11241100x80000000000000006862812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671d5e940baa9ff72022-01-05 09:21:28.459root 11241100x80000000000000006862813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c717ce88135799e2022-01-05 09:21:28.459root 11241100x80000000000000006862814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf67535fc1b189d2022-01-05 09:21:28.460root 11241100x80000000000000006862815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa8d31038fe08922022-01-05 09:21:28.460root 11241100x80000000000000006862816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de09c39596599d62022-01-05 09:21:28.460root 11241100x80000000000000006862817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334bd222ed0036ec2022-01-05 09:21:28.460root 11241100x80000000000000006862818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0fab6bac7792bc2022-01-05 09:21:28.460root 11241100x80000000000000006862819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f356a86d6d22e3212022-01-05 09:21:28.460root 11241100x80000000000000006862820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cac0523fbfca0192022-01-05 09:21:28.460root 11241100x80000000000000006862821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654c8de2a951235d2022-01-05 09:21:28.460root 11241100x80000000000000006862822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086ef3230757f6d32022-01-05 09:21:28.461root 11241100x80000000000000006862823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b15356a5b18c78e2022-01-05 09:21:28.959root 11241100x80000000000000006862824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d359d8a657200c2022-01-05 09:21:28.959root 11241100x80000000000000006862825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aae3fc9c414c9d82022-01-05 09:21:28.959root 11241100x80000000000000006862826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cfcb938db0dcef2022-01-05 09:21:28.960root 11241100x80000000000000006862827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3faed3847fc5d112022-01-05 09:21:28.960root 11241100x80000000000000006862828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a39212b567a0d482022-01-05 09:21:28.960root 11241100x80000000000000006862829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b007a89e6642dd22022-01-05 09:21:28.960root 11241100x80000000000000006862830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8b2397b41b233b2022-01-05 09:21:28.960root 11241100x80000000000000006862831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd98f549d01afdc32022-01-05 09:21:28.960root 11241100x80000000000000006862832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278527296324b9fe2022-01-05 09:21:28.960root 11241100x80000000000000006862833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2659c54fc3e8faa12022-01-05 09:21:28.961root 11241100x80000000000000006862834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.402{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 09:21:29.402root 11241100x80000000000000006862835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9647027843f9eb172022-01-05 09:21:29.403root 11241100x80000000000000006862836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1557b529c206fd2022-01-05 09:21:29.403root 11241100x80000000000000006862837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49893bde554a0fa42022-01-05 09:21:29.403root 11241100x80000000000000006862838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3749c172edb83382022-01-05 09:21:29.403root 11241100x80000000000000006862839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e405cf4a234c76392022-01-05 09:21:29.403root 11241100x80000000000000006862840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f6f92fd0e8ecfe2022-01-05 09:21:29.404root 11241100x80000000000000006862841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f9f0d432778d6f2022-01-05 09:21:29.404root 11241100x80000000000000006862842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20aed68b074199742022-01-05 09:21:29.404root 11241100x80000000000000006862843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11af262f3bd279182022-01-05 09:21:29.404root 11241100x80000000000000006862844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c892f07ce2ea3d692022-01-05 09:21:29.404root 11241100x80000000000000006862845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b914a4ba450f8a9c2022-01-05 09:21:29.404root 11241100x80000000000000006862846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97b62c8a16297532022-01-05 09:21:29.404root 11241100x80000000000000006862847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a7062e7a6fcea12022-01-05 09:21:29.404root 11241100x80000000000000006862848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7260b7c7a7b3bc22022-01-05 09:21:29.404root 11241100x80000000000000006862849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40888e3e7f2610372022-01-05 09:21:29.709root 11241100x80000000000000006862850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcd6cb5c22f16932022-01-05 09:21:29.709root 11241100x80000000000000006862851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b141fd17c70f512022-01-05 09:21:29.710root 11241100x80000000000000006862852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacd97c702644a2e2022-01-05 09:21:29.710root 11241100x80000000000000006862853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68255263b9e9aa1c2022-01-05 09:21:29.711root 11241100x80000000000000006862854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c2264e6cab7bbb2022-01-05 09:21:29.711root 11241100x80000000000000006862855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af8c00e5b4660632022-01-05 09:21:29.711root 11241100x80000000000000006862856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af97cda77f4881492022-01-05 09:21:29.711root 11241100x80000000000000006862857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ceb5a3c352ebf22022-01-05 09:21:29.711root 11241100x80000000000000006862858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b043775a8a17fb8c2022-01-05 09:21:29.711root 11241100x80000000000000006862859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e37e80daa5fe632022-01-05 09:21:29.711root 11241100x80000000000000006862860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c362ec8556d43b2022-01-05 09:21:29.712root 11241100x80000000000000006862861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680842681d0026d92022-01-05 09:21:30.209root 11241100x80000000000000006862862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50358099dca7efc22022-01-05 09:21:30.209root 11241100x80000000000000006862863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ca0703653d86cc2022-01-05 09:21:30.210root 11241100x80000000000000006862864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011eeca5aa46ddb72022-01-05 09:21:30.210root 11241100x80000000000000006862865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72da1e3ed69f278f2022-01-05 09:21:30.210root 11241100x80000000000000006862866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d92ad0cea1de6642022-01-05 09:21:30.210root 11241100x80000000000000006862867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87bafe23624d0a82022-01-05 09:21:30.210root 11241100x80000000000000006862868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927dc82022d1d7f82022-01-05 09:21:30.210root 11241100x80000000000000006862869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277870a56d6aac9e2022-01-05 09:21:30.210root 11241100x80000000000000006862870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba05b1ffb2aec7542022-01-05 09:21:30.211root 11241100x80000000000000006862871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e844a770f507894e2022-01-05 09:21:30.211root 11241100x80000000000000006862872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4b9cc582bff0ab2022-01-05 09:21:30.211root 11241100x80000000000000006862873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a6a1b49ffa99472022-01-05 09:21:30.709root 11241100x80000000000000006862874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cf757e7dd612712022-01-05 09:21:30.709root 11241100x80000000000000006862875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2d9ea35336883b2022-01-05 09:21:30.710root 11241100x80000000000000006862876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec174c78da99c652022-01-05 09:21:30.710root 11241100x80000000000000006862877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976f24590c923d432022-01-05 09:21:30.710root 11241100x80000000000000006862878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b977e1d1727a41442022-01-05 09:21:30.710root 11241100x80000000000000006862879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1ce8248ab84a112022-01-05 09:21:30.710root 11241100x80000000000000006862880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1530a6b987b15b242022-01-05 09:21:30.710root 11241100x80000000000000006862881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feac32797138048f2022-01-05 09:21:30.711root 11241100x80000000000000006862882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28bb532d9a5eed42022-01-05 09:21:30.711root 11241100x80000000000000006862883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d43f81fffcdd9952022-01-05 09:21:30.711root 11241100x80000000000000006862884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5268810d93d18662022-01-05 09:21:30.711root 354300x80000000000000006862885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.144{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40722-false10.0.1.12-8000- 11241100x80000000000000006862886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.145{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fe9fc62d0c5fea2022-01-05 09:21:31.145root 11241100x80000000000000006862887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.145{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088fa7c4172958822022-01-05 09:21:31.145root 11241100x80000000000000006862888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6e2bec89cc03ab2022-01-05 09:21:31.146root 11241100x80000000000000006862889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c99ee9c7e3924172022-01-05 09:21:31.146root 11241100x80000000000000006862890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3b4168ec2302562022-01-05 09:21:31.146root 11241100x80000000000000006862891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff70cadead8a7ef2022-01-05 09:21:31.146root 11241100x80000000000000006862892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1db3964d3196632022-01-05 09:21:31.146root 11241100x80000000000000006862893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bb788c83e5ab942022-01-05 09:21:31.147root 11241100x80000000000000006862894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470390d6628213472022-01-05 09:21:31.147root 11241100x80000000000000006862895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6227ac659be14152022-01-05 09:21:31.147root 11241100x80000000000000006862896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286a853b5729e7182022-01-05 09:21:31.147root 11241100x80000000000000006862897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffca6d39cfc429612022-01-05 09:21:31.147root 11241100x80000000000000006862898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e863837f6e25a83e2022-01-05 09:21:31.147root 11241100x80000000000000006862899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b14bf5deaa015dc2022-01-05 09:21:31.459root 11241100x80000000000000006862900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b33d2ffea9c8df2022-01-05 09:21:31.460root 11241100x80000000000000006862901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b49f1a29623ecb02022-01-05 09:21:31.460root 11241100x80000000000000006862902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54946d7d39731042022-01-05 09:21:31.460root 11241100x80000000000000006862903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6972293a17fc0502022-01-05 09:21:31.460root 11241100x80000000000000006862904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb86d995f7e5d252022-01-05 09:21:31.460root 11241100x80000000000000006862905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43867425c17fb9312022-01-05 09:21:31.460root 11241100x80000000000000006862906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c147377403458dc52022-01-05 09:21:31.460root 11241100x80000000000000006862907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636814f1a621f5a12022-01-05 09:21:31.460root 11241100x80000000000000006862908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765bc8a9d6a7534f2022-01-05 09:21:31.460root 11241100x80000000000000006862909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2a23abcfa965bc2022-01-05 09:21:31.460root 11241100x80000000000000006862910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e01be12ae5105322022-01-05 09:21:31.460root 11241100x80000000000000006862911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a38228f1ecd7bb2022-01-05 09:21:31.460root 11241100x80000000000000006862912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e2a705b8aef73f2022-01-05 09:21:31.959root 11241100x80000000000000006862913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06da4b40d9e09fba2022-01-05 09:21:31.959root 11241100x80000000000000006862914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd1c9ae634aa4d32022-01-05 09:21:31.959root 11241100x80000000000000006862915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65210fb6ea84f5c2022-01-05 09:21:31.960root 11241100x80000000000000006862916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb668d203a3344262022-01-05 09:21:31.960root 11241100x80000000000000006862917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6cfeaebfcfd0922022-01-05 09:21:31.960root 11241100x80000000000000006862918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3670133869422eb2022-01-05 09:21:31.960root 11241100x80000000000000006862919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1b0898c47165762022-01-05 09:21:31.960root 11241100x80000000000000006862920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59bcd853ba785bc2022-01-05 09:21:31.960root 11241100x80000000000000006862921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68f7e5a9b229da32022-01-05 09:21:31.960root 11241100x80000000000000006862922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fa67f3d051a8df2022-01-05 09:21:31.960root 11241100x80000000000000006862923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea84efaff593be32022-01-05 09:21:31.960root 11241100x80000000000000006862924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e28b64351279822022-01-05 09:21:31.961root 23542300x80000000000000006862925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.402{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006862926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c315fab60e3ebaf2022-01-05 09:21:32.403root 11241100x80000000000000006862927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290f8b2ae168a6772022-01-05 09:21:32.403root 11241100x80000000000000006862928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afea7bc2f4f1bcd2022-01-05 09:21:32.404root 11241100x80000000000000006862929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5a0b181a72a1112022-01-05 09:21:32.404root 11241100x80000000000000006862930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5cb1179867244a2022-01-05 09:21:32.405root 11241100x80000000000000006862931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611e423f5c32093c2022-01-05 09:21:32.405root 11241100x80000000000000006862932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef473a962e9649c2022-01-05 09:21:32.405root 11241100x80000000000000006862933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.406{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6628748e37190c7e2022-01-05 09:21:32.406root 11241100x80000000000000006862934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.406{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c56daaef667e0f2022-01-05 09:21:32.406root 11241100x80000000000000006862935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.406{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f487b05f9049e412022-01-05 09:21:32.406root 11241100x80000000000000006862936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.406{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6328fa66855374ee2022-01-05 09:21:32.406root 11241100x80000000000000006862937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.406{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2330dc93c94bfc2a2022-01-05 09:21:32.406root 11241100x80000000000000006862938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.407{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ae11610595051c2022-01-05 09:21:32.407root 11241100x80000000000000006862939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.407{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e25baea921ffa82022-01-05 09:21:32.407root 11241100x80000000000000006862940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.407{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe5a935a959dd5a2022-01-05 09:21:32.407root 11241100x80000000000000006862941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0e9e4b5d136d272022-01-05 09:21:32.709root 11241100x80000000000000006862942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15bfac781b4107a2022-01-05 09:21:32.709root 11241100x80000000000000006862943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedeef2f509fbb6e2022-01-05 09:21:32.710root 11241100x80000000000000006862944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3580c7fa52d2e6592022-01-05 09:21:32.710root 11241100x80000000000000006862945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1051fecf0fd2fe782022-01-05 09:21:32.710root 11241100x80000000000000006862946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68868ddc27c3ac772022-01-05 09:21:32.710root 11241100x80000000000000006862947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e9f01de9b89fd52022-01-05 09:21:32.710root 11241100x80000000000000006862948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39ca271c59ad5182022-01-05 09:21:32.710root 11241100x80000000000000006862949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10c5520f0d3c5062022-01-05 09:21:32.710root 11241100x80000000000000006862950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c24d8cd889d26ce2022-01-05 09:21:32.710root 11241100x80000000000000006862951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd49087c6aed42a42022-01-05 09:21:32.710root 11241100x80000000000000006862952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcbdf96733896962022-01-05 09:21:32.710root 11241100x80000000000000006862953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a404c14a6476b7a2022-01-05 09:21:32.710root 11241100x80000000000000006862954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bfbb89cb76792b2022-01-05 09:21:32.710root 11241100x80000000000000006862955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8592e37f6703e1162022-01-05 09:21:33.209root 11241100x80000000000000006862956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf51916f51b3a8c2022-01-05 09:21:33.209root 11241100x80000000000000006862957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce9d6d290fb20b72022-01-05 09:21:33.210root 11241100x80000000000000006862958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9245dad44731d8792022-01-05 09:21:33.210root 11241100x80000000000000006862959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb36a7fca23f0902022-01-05 09:21:33.210root 11241100x80000000000000006862960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e19a5b3c41cf2452022-01-05 09:21:33.210root 11241100x80000000000000006862961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78ae36bf688a32d2022-01-05 09:21:33.210root 11241100x80000000000000006862962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d28bd5dcefd5912022-01-05 09:21:33.210root 11241100x80000000000000006862963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455d74190534734b2022-01-05 09:21:33.210root 11241100x80000000000000006862964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4e806ea901fae62022-01-05 09:21:33.210root 11241100x80000000000000006862965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4f63677be242022022-01-05 09:21:33.210root 11241100x80000000000000006862966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64b024f7baf20fe2022-01-05 09:21:33.210root 11241100x80000000000000006862967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88240cf3bb52edd2022-01-05 09:21:33.211root 11241100x80000000000000006862968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1133626a6528b9f2022-01-05 09:21:33.211root 354300x80000000000000006862969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.447{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-41204-false10.0.1.12-8089- 11241100x80000000000000006862970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ea1e22c61ed4222022-01-05 09:21:33.709root 11241100x80000000000000006862971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac35a391be602f62022-01-05 09:21:33.709root 11241100x80000000000000006862972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1e740f471e9bbf2022-01-05 09:21:33.709root 11241100x80000000000000006862973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d87c154e527a6ed2022-01-05 09:21:33.709root 11241100x80000000000000006862974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db3d23d2a1527f82022-01-05 09:21:33.709root 11241100x80000000000000006862975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfc804a6e2f15972022-01-05 09:21:33.710root 11241100x80000000000000006862976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad15595ae8dbb8b32022-01-05 09:21:33.710root 11241100x80000000000000006862977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802c9cc915aa0fcb2022-01-05 09:21:33.710root 11241100x80000000000000006862978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d443c52b7916b9502022-01-05 09:21:33.710root 11241100x80000000000000006862979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d97ffdc4d9637bc2022-01-05 09:21:33.710root 11241100x80000000000000006862980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94474f8b2211c112022-01-05 09:21:33.710root 11241100x80000000000000006862981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb83050a07db9ae2022-01-05 09:21:33.710root 11241100x80000000000000006862982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f03b93f32160912022-01-05 09:21:33.710root 11241100x80000000000000006862983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3192f22ea9af705b2022-01-05 09:21:33.710root 11241100x80000000000000006862984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c1a95395382c452022-01-05 09:21:33.710root 11241100x80000000000000006862985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f1c8a4b23824d52022-01-05 09:21:34.209root 11241100x80000000000000006862986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19aac96b748acd8e2022-01-05 09:21:34.209root 11241100x80000000000000006862987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f2581b094c1f082022-01-05 09:21:34.209root 11241100x80000000000000006862988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa10cddff84f01cc2022-01-05 09:21:34.209root 11241100x80000000000000006862989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc9c579c90b53512022-01-05 09:21:34.210root 11241100x80000000000000006862990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0eafd216a0338d52022-01-05 09:21:34.210root 11241100x80000000000000006862991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7312ac8de4cb2ae32022-01-05 09:21:34.210root 11241100x80000000000000006862992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9155f645c24bba5c2022-01-05 09:21:34.210root 11241100x80000000000000006862993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44009511b0d26d762022-01-05 09:21:34.210root 11241100x80000000000000006862994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac1e0ad48a8cc932022-01-05 09:21:34.211root 11241100x80000000000000006862995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0b46745b4c6a862022-01-05 09:21:34.211root 11241100x80000000000000006862996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489911aea55d34e12022-01-05 09:21:34.211root 11241100x80000000000000006862997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa04656f3f0c01fe2022-01-05 09:21:34.211root 11241100x80000000000000006862998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5acef2ec32f789e2022-01-05 09:21:34.212root 11241100x80000000000000006862999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237a6a30660c76762022-01-05 09:21:34.212root 11241100x80000000000000006863000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cddeff01933e85382022-01-05 09:21:34.709root 11241100x80000000000000006863001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57abd1354aded7a2022-01-05 09:21:34.710root 11241100x80000000000000006863002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae95010e324f5d182022-01-05 09:21:34.710root 11241100x80000000000000006863003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abcf482f8be4c182022-01-05 09:21:34.710root 11241100x80000000000000006863004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8a7481a0a1e7202022-01-05 09:21:34.710root 11241100x80000000000000006863005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53667005fd7fab622022-01-05 09:21:34.710root 11241100x80000000000000006863006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46988759f53d0da32022-01-05 09:21:34.710root 11241100x80000000000000006863007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e4215997d1dcf12022-01-05 09:21:34.710root 11241100x80000000000000006863008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f673ae039258b39c2022-01-05 09:21:34.710root 11241100x80000000000000006863009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69cc24acf0c22452022-01-05 09:21:34.710root 11241100x80000000000000006863010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0cd12ff23d249c2022-01-05 09:21:34.710root 11241100x80000000000000006863011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ca10d6df50ade52022-01-05 09:21:34.710root 11241100x80000000000000006863012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108a083705263ded2022-01-05 09:21:34.710root 11241100x80000000000000006863013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73848cd71844b5842022-01-05 09:21:34.710root 11241100x80000000000000006863014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5560765589de9c062022-01-05 09:21:34.710root 11241100x80000000000000006863015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da5840cf5713e5e2022-01-05 09:21:35.209root 11241100x80000000000000006863016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe50d77e05aa97432022-01-05 09:21:35.209root 11241100x80000000000000006863017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d898356b04c6dde2022-01-05 09:21:35.210root 11241100x80000000000000006863018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892e0a27a0d368f32022-01-05 09:21:35.210root 11241100x80000000000000006863019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c31e124cabc1be2022-01-05 09:21:35.210root 11241100x80000000000000006863020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511222dacbd298b92022-01-05 09:21:35.210root 11241100x80000000000000006863021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f6afaef232e94b2022-01-05 09:21:35.210root 11241100x80000000000000006863022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8891cfe1191f5b2022-01-05 09:21:35.211root 11241100x80000000000000006863023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f009a2b366c675a2022-01-05 09:21:35.211root 11241100x80000000000000006863024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7a658fa376cb6f2022-01-05 09:21:35.211root 11241100x80000000000000006863025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b03e6685f06ffe2022-01-05 09:21:35.211root 11241100x80000000000000006863026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215703edc5bf8ddd2022-01-05 09:21:35.211root 11241100x80000000000000006863027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17421e372b9523422022-01-05 09:21:35.212root 11241100x80000000000000006863028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a199860c5cdc6b2022-01-05 09:21:35.213root 11241100x80000000000000006863029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ab244d998b82c92022-01-05 09:21:35.213root 11241100x80000000000000006863030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b743e4c59537db952022-01-05 09:21:35.709root 11241100x80000000000000006863031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b312fa2ec1ad137c2022-01-05 09:21:35.709root 11241100x80000000000000006863032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fff7643416c0df32022-01-05 09:21:35.709root 11241100x80000000000000006863033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa829096a67e11b42022-01-05 09:21:35.709root 11241100x80000000000000006863034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698ffca986ef53692022-01-05 09:21:35.709root 11241100x80000000000000006863035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c943901a961038c2022-01-05 09:21:35.709root 11241100x80000000000000006863036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0b26043693ea612022-01-05 09:21:35.709root 11241100x80000000000000006863037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347a50905e85aba02022-01-05 09:21:35.710root 11241100x80000000000000006863038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b1ead0245200772022-01-05 09:21:35.710root 11241100x80000000000000006863039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce2b513b9bd31332022-01-05 09:21:35.710root 11241100x80000000000000006863040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a173b7c0855d9292022-01-05 09:21:35.710root 11241100x80000000000000006863041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39998270b945c352022-01-05 09:21:35.710root 11241100x80000000000000006863042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f3366edc0b8fa22022-01-05 09:21:35.711root 11241100x80000000000000006863043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f64064c493687b2022-01-05 09:21:35.711root 11241100x80000000000000006863044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b76a41ac3273be2022-01-05 09:21:35.712root 354300x80000000000000006863045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.209{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40726-false10.0.1.12-8000- 11241100x80000000000000006863046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20b0fa7c6eefe5b2022-01-05 09:21:36.209root 11241100x80000000000000006863047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c6f5a957530c0b2022-01-05 09:21:36.210root 11241100x80000000000000006863048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc9af9ad8af32ab2022-01-05 09:21:36.210root 11241100x80000000000000006863049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72ba6f3030b154d2022-01-05 09:21:36.210root 11241100x80000000000000006863050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b34285eac350c162022-01-05 09:21:36.211root 11241100x80000000000000006863051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296831e64572da8f2022-01-05 09:21:36.211root 11241100x80000000000000006863052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16899592640edea2022-01-05 09:21:36.211root 11241100x80000000000000006863053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc196900b1d14632022-01-05 09:21:36.211root 11241100x80000000000000006863054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdf92fbb72c4e3e2022-01-05 09:21:36.211root 11241100x80000000000000006863055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e88edab1e78b142022-01-05 09:21:36.211root 11241100x80000000000000006863056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2b8cd5ba1291462022-01-05 09:21:36.211root 11241100x80000000000000006863057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d0e69fcf026f2a2022-01-05 09:21:36.212root 11241100x80000000000000006863058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0e52abf8649b412022-01-05 09:21:36.212root 11241100x80000000000000006863059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea0dc080449222c2022-01-05 09:21:36.212root 11241100x80000000000000006863060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6211c1f3e123432022-01-05 09:21:36.212root 11241100x80000000000000006863061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037b003e7c79a1322022-01-05 09:21:36.709root 11241100x80000000000000006863062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252d22beb1e908a62022-01-05 09:21:36.710root 11241100x80000000000000006863063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2553bc45915443ce2022-01-05 09:21:36.710root 11241100x80000000000000006863064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab16ae8818205ed62022-01-05 09:21:36.710root 11241100x80000000000000006863065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7faf1486888a79742022-01-05 09:21:36.710root 11241100x80000000000000006863066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33657d2f2ae3e3ad2022-01-05 09:21:36.710root 11241100x80000000000000006863067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272cc78a04066c3d2022-01-05 09:21:36.710root 11241100x80000000000000006863068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb05cd225500b6d72022-01-05 09:21:36.710root 11241100x80000000000000006863069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af093f780b985caa2022-01-05 09:21:36.711root 11241100x80000000000000006863070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f931a4f5dbefba552022-01-05 09:21:36.711root 11241100x80000000000000006863071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439ddd52c0a16ae02022-01-05 09:21:36.711root 11241100x80000000000000006863072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea65ad21d8294932022-01-05 09:21:36.711root 11241100x80000000000000006863073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507ab7c540bcb3d62022-01-05 09:21:36.711root 11241100x80000000000000006863074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f6776716f238ae2022-01-05 09:21:36.711root 11241100x80000000000000006863075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba39ee0c54d25bb2022-01-05 09:21:36.711root 11241100x80000000000000006863076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89722c580e88c1a2022-01-05 09:21:36.711root 11241100x80000000000000006863077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906e4b27bd1113ca2022-01-05 09:21:37.209root 11241100x80000000000000006863078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2defa33fbb386f12022-01-05 09:21:37.210root 11241100x80000000000000006863079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1de1c3cc23e3fd32022-01-05 09:21:37.210root 11241100x80000000000000006863080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d416e90ed0c2bc802022-01-05 09:21:37.210root 11241100x80000000000000006863081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fa69bcf3ba635c2022-01-05 09:21:37.210root 11241100x80000000000000006863082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d0a0f2f491a21c2022-01-05 09:21:37.210root 11241100x80000000000000006863083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a531a32ae04aa92022-01-05 09:21:37.210root 11241100x80000000000000006863084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8520a37e31e3a4a62022-01-05 09:21:37.210root 11241100x80000000000000006863085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e1672e7ac3e03f2022-01-05 09:21:37.210root 11241100x80000000000000006863086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10364b23e62ed042022-01-05 09:21:37.210root 11241100x80000000000000006863087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056625f06872730f2022-01-05 09:21:37.210root 11241100x80000000000000006863088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8547bec91a1275e2022-01-05 09:21:37.210root 11241100x80000000000000006863089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a82c99d237f62fe2022-01-05 09:21:37.210root 11241100x80000000000000006863090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db172e510f421f92022-01-05 09:21:37.210root 11241100x80000000000000006863091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfee6ea28fe287902022-01-05 09:21:37.211root 11241100x80000000000000006863092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cdc75377f986f52022-01-05 09:21:37.211root 11241100x80000000000000006863093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48a224abea3b5912022-01-05 09:21:37.709root 11241100x80000000000000006863094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97102e029a9469e2022-01-05 09:21:37.710root 11241100x80000000000000006863095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff26076e31f06ed92022-01-05 09:21:37.710root 11241100x80000000000000006863096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae74c896f2a6e112022-01-05 09:21:37.710root 11241100x80000000000000006863097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e667d7a861785b2022-01-05 09:21:37.710root 11241100x80000000000000006863098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d7ea8098b958ef2022-01-05 09:21:37.710root 11241100x80000000000000006863099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f058c2109676daa2022-01-05 09:21:37.710root 11241100x80000000000000006863100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de457c2077d113902022-01-05 09:21:37.710root 11241100x80000000000000006863101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b829795a5abab7e02022-01-05 09:21:37.710root 11241100x80000000000000006863102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be348fb3a548c362022-01-05 09:21:37.710root 11241100x80000000000000006863103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff2a469cdc46cd42022-01-05 09:21:37.711root 11241100x80000000000000006863104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23101ed701c3031a2022-01-05 09:21:37.711root 11241100x80000000000000006863105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42631854302088fb2022-01-05 09:21:37.711root 11241100x80000000000000006863106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad85497a4f29583f2022-01-05 09:21:37.711root 11241100x80000000000000006863107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62c3c81d278ea6f2022-01-05 09:21:37.711root 11241100x80000000000000006863108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24307e1b004ed922022-01-05 09:21:37.711root 11241100x80000000000000006863109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c4d1c7caa58e842022-01-05 09:21:38.209root 11241100x80000000000000006863110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9b326d156951b42022-01-05 09:21:38.210root 11241100x80000000000000006863111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd179c7834409f72022-01-05 09:21:38.210root 11241100x80000000000000006863112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0c50c64dff370f2022-01-05 09:21:38.210root 11241100x80000000000000006863113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c653e504cf364b012022-01-05 09:21:38.210root 11241100x80000000000000006863114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1316271f8d9d841d2022-01-05 09:21:38.210root 11241100x80000000000000006863115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e0a6c5cd39ca932022-01-05 09:21:38.210root 11241100x80000000000000006863116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815cf6514130ab8e2022-01-05 09:21:38.210root 11241100x80000000000000006863117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aeac7b43415c29e2022-01-05 09:21:38.210root 11241100x80000000000000006863118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7595eeb332aac6a82022-01-05 09:21:38.211root 11241100x80000000000000006863119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d7c3c0050985382022-01-05 09:21:38.211root 11241100x80000000000000006863120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28827ed426df5a9a2022-01-05 09:21:38.211root 11241100x80000000000000006863121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b520f4db2c1c165c2022-01-05 09:21:38.211root 11241100x80000000000000006863122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728ec0abcff260682022-01-05 09:21:38.211root 11241100x80000000000000006863123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77481d7536da85152022-01-05 09:21:38.211root 11241100x80000000000000006863124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b185a34c7bb86ce2022-01-05 09:21:38.211root 11241100x80000000000000006863125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ee0fb960822fc22022-01-05 09:21:38.709root 11241100x80000000000000006863126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19d145ecb2d9c082022-01-05 09:21:38.710root 11241100x80000000000000006863127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5110ec90d9401c1e2022-01-05 09:21:38.710root 11241100x80000000000000006863128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a91901e8ba59fc2022-01-05 09:21:38.710root 11241100x80000000000000006863129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b13a1593e8a7cac2022-01-05 09:21:38.710root 11241100x80000000000000006863130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e43f299c7c5c29f2022-01-05 09:21:38.710root 11241100x80000000000000006863131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b257c0ddd4ae652022-01-05 09:21:38.710root 11241100x80000000000000006863132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd64c808e591ba342022-01-05 09:21:38.710root 11241100x80000000000000006863133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b854df4380caaabe2022-01-05 09:21:38.710root 11241100x80000000000000006863134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d644737290a3d3432022-01-05 09:21:38.711root 11241100x80000000000000006863135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dfc0579bdbc7662022-01-05 09:21:38.711root 11241100x80000000000000006863136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623bfa94f8fb86bc2022-01-05 09:21:38.711root 11241100x80000000000000006863137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd2c7724e323a272022-01-05 09:21:38.711root 11241100x80000000000000006863138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1f9bb6df9a3ffe2022-01-05 09:21:38.711root 11241100x80000000000000006863139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8014071d84f2eb882022-01-05 09:21:38.711root 11241100x80000000000000006863140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9b58d61527eaac2022-01-05 09:21:38.711root 11241100x80000000000000006863141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbff276f0314fd082022-01-05 09:21:39.209root 11241100x80000000000000006863142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df382f8b516776c52022-01-05 09:21:39.209root 11241100x80000000000000006863143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285170928cfdc3062022-01-05 09:21:39.209root 11241100x80000000000000006863144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8638efc4ec72bbef2022-01-05 09:21:39.209root 11241100x80000000000000006863145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950ca8e11653277d2022-01-05 09:21:39.210root 11241100x80000000000000006863146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5600b5ac7b3839c72022-01-05 09:21:39.210root 11241100x80000000000000006863147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa1217c5e73ac442022-01-05 09:21:39.210root 11241100x80000000000000006863148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066409202182c0f52022-01-05 09:21:39.210root 11241100x80000000000000006863149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868d6e645934441b2022-01-05 09:21:39.210root 11241100x80000000000000006863150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc7ddb1109eb83d2022-01-05 09:21:39.210root 11241100x80000000000000006863151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104a4e9702aaa4252022-01-05 09:21:39.210root 11241100x80000000000000006863152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49071c82e97cada42022-01-05 09:21:39.210root 11241100x80000000000000006863153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb745b10df667412022-01-05 09:21:39.211root 11241100x80000000000000006863154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e4de7ee0edf5482022-01-05 09:21:39.211root 11241100x80000000000000006863155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e409fa3e78f6759c2022-01-05 09:21:39.211root 11241100x80000000000000006863156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1218b3a543853b32022-01-05 09:21:39.211root 11241100x80000000000000006863157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b17327fffd640712022-01-05 09:21:39.709root 11241100x80000000000000006863158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01742f685b37bd5c2022-01-05 09:21:39.710root 11241100x80000000000000006863159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda821af72acf51b2022-01-05 09:21:39.710root 11241100x80000000000000006863160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755fd2f2b461d7942022-01-05 09:21:39.710root 11241100x80000000000000006863161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd172b0881535e12022-01-05 09:21:39.710root 11241100x80000000000000006863162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f2a28006799d832022-01-05 09:21:39.711root 11241100x80000000000000006863163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db34aaabea31d0a2022-01-05 09:21:39.711root 11241100x80000000000000006863164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1107e8caf48ec9c02022-01-05 09:21:39.711root 11241100x80000000000000006863165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abf6a431c019d9d2022-01-05 09:21:39.711root 11241100x80000000000000006863166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9684a4c5a834593a2022-01-05 09:21:39.711root 11241100x80000000000000006863167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892af5f39bcccdb42022-01-05 09:21:39.711root 11241100x80000000000000006863168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b972fc21c3cbd192022-01-05 09:21:39.712root 11241100x80000000000000006863169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d21489e03505f42022-01-05 09:21:39.712root 11241100x80000000000000006863170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961dbb0fc9a776a82022-01-05 09:21:39.712root 11241100x80000000000000006863171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad573876d4a51152022-01-05 09:21:39.712root 11241100x80000000000000006863172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8517cd2839c94bd2022-01-05 09:21:39.712root 11241100x80000000000000006863173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a70036c5e62d9232022-01-05 09:21:40.209root 11241100x80000000000000006863174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333f6f2b07a551e12022-01-05 09:21:40.210root 11241100x80000000000000006863175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd581483afa5b802022-01-05 09:21:40.210root 11241100x80000000000000006863176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c06278f088b51572022-01-05 09:21:40.210root 11241100x80000000000000006863177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cedf5a1b17b4e6882022-01-05 09:21:40.210root 11241100x80000000000000006863178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8994bb57daf723342022-01-05 09:21:40.210root 11241100x80000000000000006863179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84cbe4740a7c4dd2022-01-05 09:21:40.210root 11241100x80000000000000006863180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4176fbebfb63622022-01-05 09:21:40.211root 11241100x80000000000000006863181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8b39f7d9fd49362022-01-05 09:21:40.211root 11241100x80000000000000006863182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ff01cdaa6c86ed2022-01-05 09:21:40.211root 11241100x80000000000000006863183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c296818d2f79adfd2022-01-05 09:21:40.211root 11241100x80000000000000006863184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3541cb88a4db76632022-01-05 09:21:40.211root 11241100x80000000000000006863185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839e7a601d4f181d2022-01-05 09:21:40.211root 11241100x80000000000000006863186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6194755a018701d2022-01-05 09:21:40.212root 11241100x80000000000000006863187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8f0740aad9c7992022-01-05 09:21:40.212root 11241100x80000000000000006863188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b35e22e54d03422022-01-05 09:21:40.212root 11241100x80000000000000006863189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b77a3c679d735cc2022-01-05 09:21:40.709root 11241100x80000000000000006863190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72646d08cf65c7d42022-01-05 09:21:40.710root 11241100x80000000000000006863191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7858b0978ed8d5e72022-01-05 09:21:40.710root 11241100x80000000000000006863192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b43de800e0d6c812022-01-05 09:21:40.710root 11241100x80000000000000006863193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bc8bfa3cc2db112022-01-05 09:21:40.711root 11241100x80000000000000006863194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff260ee163f897f72022-01-05 09:21:40.711root 11241100x80000000000000006863195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e883abcfb24a8ec2022-01-05 09:21:40.711root 11241100x80000000000000006863196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57931c1518189132022-01-05 09:21:40.711root 11241100x80000000000000006863197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c3d36c18d092e52022-01-05 09:21:40.711root 11241100x80000000000000006863198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f6327e9557157b2022-01-05 09:21:40.712root 11241100x80000000000000006863199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf09c27eef7c7402022-01-05 09:21:40.712root 11241100x80000000000000006863200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7927143fbd5a0e6a2022-01-05 09:21:40.712root 11241100x80000000000000006863201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b752e06c7290ae5a2022-01-05 09:21:40.712root 11241100x80000000000000006863202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fea64c36eed48522022-01-05 09:21:40.712root 11241100x80000000000000006863203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77257ab215806d162022-01-05 09:21:40.713root 11241100x80000000000000006863204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24998947cf256fb2022-01-05 09:21:40.713root 11241100x80000000000000006863205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a0194535c62e962022-01-05 09:21:41.210root 11241100x80000000000000006863206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85de48260bbda172022-01-05 09:21:41.210root 11241100x80000000000000006863207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55eda1b313deff912022-01-05 09:21:41.210root 11241100x80000000000000006863208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fd7b0cef8198f82022-01-05 09:21:41.210root 11241100x80000000000000006863209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708b9020b3c563cb2022-01-05 09:21:41.210root 11241100x80000000000000006863210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4dd69b5f91508a52022-01-05 09:21:41.211root 11241100x80000000000000006863211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4d09af5d2117822022-01-05 09:21:41.211root 11241100x80000000000000006863212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d22482bcfe897892022-01-05 09:21:41.211root 11241100x80000000000000006863213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c870bef9161a2752022-01-05 09:21:41.211root 11241100x80000000000000006863214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee5c33ae9de73002022-01-05 09:21:41.211root 11241100x80000000000000006863215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee2172d60d903f12022-01-05 09:21:41.212root 11241100x80000000000000006863216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92842a64e86d25922022-01-05 09:21:41.212root 11241100x80000000000000006863217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ed56a932c731a82022-01-05 09:21:41.212root 11241100x80000000000000006863218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ac5f0d045eac662022-01-05 09:21:41.212root 11241100x80000000000000006863219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3437005dd77a903b2022-01-05 09:21:41.213root 11241100x80000000000000006863220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6027cd551a2c6242022-01-05 09:21:41.213root 11241100x80000000000000006863221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af45eccae5037e22022-01-05 09:21:41.709root 11241100x80000000000000006863222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9de54e1ce04234a2022-01-05 09:21:41.710root 11241100x80000000000000006863223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84da3c1d1eb1f6442022-01-05 09:21:41.710root 11241100x80000000000000006863224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da58675d60def312022-01-05 09:21:41.710root 11241100x80000000000000006863225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf524e4449e5e1a72022-01-05 09:21:41.710root 11241100x80000000000000006863226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e4cec8d40f00fd2022-01-05 09:21:41.710root 11241100x80000000000000006863227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d175e8fca103ec662022-01-05 09:21:41.711root 11241100x80000000000000006863228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7217c52ce8c44962022-01-05 09:21:41.711root 11241100x80000000000000006863229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55538e0d53fccc522022-01-05 09:21:41.711root 11241100x80000000000000006863230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c75f304511d3d392022-01-05 09:21:41.711root 11241100x80000000000000006863231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d779dcc7e97c592022-01-05 09:21:41.711root 11241100x80000000000000006863232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9732243f7a96f77c2022-01-05 09:21:41.712root 11241100x80000000000000006863233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ba7b7b7196f6512022-01-05 09:21:41.712root 11241100x80000000000000006863234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0eae89ca09ddf1a2022-01-05 09:21:41.712root 11241100x80000000000000006863235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4e8b4155ec50b72022-01-05 09:21:41.712root 11241100x80000000000000006863236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b45eeff88bdb04c2022-01-05 09:21:41.712root 354300x80000000000000006863237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.137{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40728-false10.0.1.12-8000- 11241100x80000000000000006863238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.138{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce73b4f071fcd682022-01-05 09:21:42.138root 11241100x80000000000000006863239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.138{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37fb863826650002022-01-05 09:21:42.138root 11241100x80000000000000006863240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.138{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f172ac98aef69f292022-01-05 09:21:42.138root 11241100x80000000000000006863241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.138{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d976468669535f2022-01-05 09:21:42.138root 11241100x80000000000000006863242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.139{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088e66937df34ae32022-01-05 09:21:42.139root 11241100x80000000000000006863243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.139{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9e81e4f89eeeef2022-01-05 09:21:42.139root 11241100x80000000000000006863244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.139{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826d6128a4ad85b42022-01-05 09:21:42.139root 11241100x80000000000000006863245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.139{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a70cab055599cb2022-01-05 09:21:42.139root 11241100x80000000000000006863246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.139{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227d8f94d3091dea2022-01-05 09:21:42.139root 11241100x80000000000000006863247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.140{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8541899277dae272022-01-05 09:21:42.140root 11241100x80000000000000006863248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.140{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c4b22927ed48b42022-01-05 09:21:42.140root 11241100x80000000000000006863249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.140{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32243b7b0c94c83f2022-01-05 09:21:42.140root 11241100x80000000000000006863250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.140{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b370116c40603cf2022-01-05 09:21:42.140root 11241100x80000000000000006863251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.140{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d2699c03c430ce2022-01-05 09:21:42.140root 11241100x80000000000000006863252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.140{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1442f40b62fdcb3d2022-01-05 09:21:42.140root 11241100x80000000000000006863253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.141{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57f987642f801392022-01-05 09:21:42.141root 11241100x80000000000000006863254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a401bac25d063f2022-01-05 09:21:42.459root 11241100x80000000000000006863255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fdf36965b5fff92022-01-05 09:21:42.460root 11241100x80000000000000006863256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c658676177709f9d2022-01-05 09:21:42.460root 11241100x80000000000000006863257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b41a3a92f2e1242022-01-05 09:21:42.460root 11241100x80000000000000006863258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef63fe20576aa52d2022-01-05 09:21:42.460root 11241100x80000000000000006863259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5377b8086918fcb2022-01-05 09:21:42.460root 11241100x80000000000000006863260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5421cc7af2226b2022-01-05 09:21:42.460root 11241100x80000000000000006863261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a15d3e3d5ed2ee2022-01-05 09:21:42.460root 11241100x80000000000000006863262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529b2a6cd80e53432022-01-05 09:21:42.460root 11241100x80000000000000006863263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f702eec455241bd2022-01-05 09:21:42.460root 11241100x80000000000000006863264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837268e51db4cbdc2022-01-05 09:21:42.460root 11241100x80000000000000006863265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487006dde1d8db0c2022-01-05 09:21:42.460root 11241100x80000000000000006863266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5ef173ef6629fe2022-01-05 09:21:42.460root 11241100x80000000000000006863267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61381ded49bf34aa2022-01-05 09:21:42.460root 11241100x80000000000000006863268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44dcd95957234fa22022-01-05 09:21:42.460root 11241100x80000000000000006863269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae175a8d1234f1582022-01-05 09:21:42.461root 11241100x80000000000000006863270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26be5219cb8d8972022-01-05 09:21:42.461root 11241100x80000000000000006863271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ae39dcdfe8dd6b2022-01-05 09:21:42.959root 11241100x80000000000000006863272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0df2d0516425a22022-01-05 09:21:42.960root 11241100x80000000000000006863273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77aabe9550e0f1bc2022-01-05 09:21:42.960root 11241100x80000000000000006863274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ed3a95608fdf162022-01-05 09:21:42.960root 11241100x80000000000000006863275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944eabedb87ea08b2022-01-05 09:21:42.960root 11241100x80000000000000006863276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a85c94baf3607d2022-01-05 09:21:42.961root 11241100x80000000000000006863277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fffae56460d10f2022-01-05 09:21:42.961root 11241100x80000000000000006863278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7170772d56a958962022-01-05 09:21:42.961root 11241100x80000000000000006863279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48ffaea7173e2132022-01-05 09:21:42.961root 11241100x80000000000000006863280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cb27b3da869eac2022-01-05 09:21:42.961root 11241100x80000000000000006863281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c18bb5be7faf782022-01-05 09:21:42.961root 11241100x80000000000000006863282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8827c31a166dd9082022-01-05 09:21:42.961root 11241100x80000000000000006863283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9a1cf18bfe39702022-01-05 09:21:42.961root 11241100x80000000000000006863284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ef496b123af6bb2022-01-05 09:21:42.961root 11241100x80000000000000006863285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f39c510fb32e7422022-01-05 09:21:42.961root 11241100x80000000000000006863286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391c923c30590fe72022-01-05 09:21:42.961root 11241100x80000000000000006863287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8a7b486830943f2022-01-05 09:21:42.961root 11241100x80000000000000006863288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f76bff009ffc052022-01-05 09:21:43.459root 11241100x80000000000000006863289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7631dee0d5466e912022-01-05 09:21:43.459root 11241100x80000000000000006863290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6360599eb5a2782022-01-05 09:21:43.460root 11241100x80000000000000006863291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee0c8d3349e34d92022-01-05 09:21:43.460root 11241100x80000000000000006863292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a08343746c68d8e2022-01-05 09:21:43.460root 11241100x80000000000000006863293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ee87c5845d81cf2022-01-05 09:21:43.460root 11241100x80000000000000006863294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110d816d3caad6a82022-01-05 09:21:43.460root 11241100x80000000000000006863295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f9b3c2e735ee0c2022-01-05 09:21:43.460root 11241100x80000000000000006863296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e4de5c42463e242022-01-05 09:21:43.460root 11241100x80000000000000006863297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9203c48a2e3694802022-01-05 09:21:43.460root 11241100x80000000000000006863298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d0fa2a9cbb8f892022-01-05 09:21:43.460root 11241100x80000000000000006863299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb94610a264f86c2022-01-05 09:21:43.461root 11241100x80000000000000006863300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3c5b506c0855a72022-01-05 09:21:43.461root 11241100x80000000000000006863301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1532887be9cca4252022-01-05 09:21:43.461root 11241100x80000000000000006863302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89570131a3b9a06e2022-01-05 09:21:43.462root 11241100x80000000000000006863303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9e28840f0153b62022-01-05 09:21:43.462root 11241100x80000000000000006863304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cbda213da10bd82022-01-05 09:21:43.462root 11241100x80000000000000006863305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bceb28702bbb4602022-01-05 09:21:43.959root 11241100x80000000000000006863306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9fe6aa5e4cc1252022-01-05 09:21:43.959root 11241100x80000000000000006863307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e2cc1d2db8605f2022-01-05 09:21:43.959root 11241100x80000000000000006863308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a77bdfe65276a52022-01-05 09:21:43.959root 11241100x80000000000000006863309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8045f4b48f49c8842022-01-05 09:21:43.960root 11241100x80000000000000006863310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa7563acb36c76d2022-01-05 09:21:43.960root 11241100x80000000000000006863311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4005f2329fca35e02022-01-05 09:21:43.960root 11241100x80000000000000006863312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e2355887adf2fb2022-01-05 09:21:43.960root 11241100x80000000000000006863313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0343e72b49be9a322022-01-05 09:21:43.960root 11241100x80000000000000006863314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe3a2a01cf1b4592022-01-05 09:21:43.960root 11241100x80000000000000006863315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de2808cde2068c32022-01-05 09:21:43.960root 11241100x80000000000000006863316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1204a378ebb012e72022-01-05 09:21:43.960root 11241100x80000000000000006863317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138aca441be33f6f2022-01-05 09:21:43.960root 11241100x80000000000000006863318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eced53fcb9c899832022-01-05 09:21:43.960root 11241100x80000000000000006863319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7abd745b7154f72022-01-05 09:21:43.961root 11241100x80000000000000006863320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbff842fb8fa9a552022-01-05 09:21:43.961root 11241100x80000000000000006863321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c860752483290812022-01-05 09:21:43.961root 11241100x80000000000000006863322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b587b0600fa4c3142022-01-05 09:21:44.460root 11241100x80000000000000006863323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032aa0e4b059f23a2022-01-05 09:21:44.460root 11241100x80000000000000006863324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b20fc2e948ceb1b2022-01-05 09:21:44.460root 11241100x80000000000000006863325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06464956c6304fa12022-01-05 09:21:44.460root 11241100x80000000000000006863326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cd930c2c5a6da42022-01-05 09:21:44.460root 11241100x80000000000000006863327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ea808a092f41562022-01-05 09:21:44.460root 11241100x80000000000000006863328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f431f7720f69832022-01-05 09:21:44.460root 11241100x80000000000000006863329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac7887cb09607362022-01-05 09:21:44.460root 11241100x80000000000000006863330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c980ede07661a6ac2022-01-05 09:21:44.460root 11241100x80000000000000006863331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924ad4faae5a5cd82022-01-05 09:21:44.461root 11241100x80000000000000006863332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a54a04db0bba1c2022-01-05 09:21:44.461root 11241100x80000000000000006863333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbda1db26c5bdd92022-01-05 09:21:44.461root 11241100x80000000000000006863334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d8e726803f68212022-01-05 09:21:44.461root 11241100x80000000000000006863335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142c04adff2585532022-01-05 09:21:44.461root 11241100x80000000000000006863336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60515f7280be492f2022-01-05 09:21:44.461root 11241100x80000000000000006863337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9aa8da8b257cfb2022-01-05 09:21:44.461root 11241100x80000000000000006863338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9fbb3da8a8e0412022-01-05 09:21:44.462root 11241100x80000000000000006863339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bc1b05d02066732022-01-05 09:21:44.959root 11241100x80000000000000006863340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1ac02f821a906e2022-01-05 09:21:44.959root 11241100x80000000000000006863341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348824e32bcc98132022-01-05 09:21:44.960root 11241100x80000000000000006863342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2ef7b1643333952022-01-05 09:21:44.960root 11241100x80000000000000006863343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ae647c8cea225f2022-01-05 09:21:44.960root 11241100x80000000000000006863344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c435f8dcea9b8d62022-01-05 09:21:44.960root 11241100x80000000000000006863345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc78a10d02a70e572022-01-05 09:21:44.960root 11241100x80000000000000006863346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e5f2e6404801ff2022-01-05 09:21:44.960root 11241100x80000000000000006863347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928afc5de0abe2652022-01-05 09:21:44.960root 11241100x80000000000000006863348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbbcda898d55b162022-01-05 09:21:44.960root 11241100x80000000000000006863349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dc8f320ebfab3a2022-01-05 09:21:44.960root 11241100x80000000000000006863350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a607aabcc592df2022-01-05 09:21:44.960root 11241100x80000000000000006863351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a28aa808cfb5562022-01-05 09:21:44.960root 11241100x80000000000000006863352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35246253d52cbdb82022-01-05 09:21:44.960root 11241100x80000000000000006863353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae5e8d901a336842022-01-05 09:21:44.960root 11241100x80000000000000006863354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5dbb794e455b0a2022-01-05 09:21:44.961root 11241100x80000000000000006863355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c9a83a7aedbd1a2022-01-05 09:21:44.961root 11241100x80000000000000006863356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902f1cd2a34839f72022-01-05 09:21:45.459root 11241100x80000000000000006863357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9980a80bd80f921f2022-01-05 09:21:45.459root 11241100x80000000000000006863358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e516d71e7379ee92022-01-05 09:21:45.459root 11241100x80000000000000006863359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5d223adb60ee2d2022-01-05 09:21:45.460root 11241100x80000000000000006863360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6872142b51263f082022-01-05 09:21:45.460root 11241100x80000000000000006863361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c947d253063a4962022-01-05 09:21:45.460root 11241100x80000000000000006863362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1158fde70c3818af2022-01-05 09:21:45.460root 11241100x80000000000000006863363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8737eff26c077b972022-01-05 09:21:45.460root 11241100x80000000000000006863364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c2d1481662b9be2022-01-05 09:21:45.460root 11241100x80000000000000006863365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b391a30d175c1e72022-01-05 09:21:45.460root 11241100x80000000000000006863366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0cd4343b2aff7a2022-01-05 09:21:45.460root 11241100x80000000000000006863367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4450da4b860197292022-01-05 09:21:45.460root 11241100x80000000000000006863368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c94d42d041721ec2022-01-05 09:21:45.460root 11241100x80000000000000006863369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22abd522a54b14352022-01-05 09:21:45.460root 11241100x80000000000000006863370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4927872c719dcbe2022-01-05 09:21:45.460root 11241100x80000000000000006863371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0575a6b6a1189e6d2022-01-05 09:21:45.460root 11241100x80000000000000006863372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31815a8f760807952022-01-05 09:21:45.460root 11241100x80000000000000006863373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38fa752f82981502022-01-05 09:21:45.959root 11241100x80000000000000006863374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c076ac2e2143dd3b2022-01-05 09:21:45.960root 11241100x80000000000000006863375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850fd4572bb3d25e2022-01-05 09:21:45.960root 11241100x80000000000000006863376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd28b897b4084ce2022-01-05 09:21:45.960root 11241100x80000000000000006863377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5e7df0e71afcbf2022-01-05 09:21:45.960root 11241100x80000000000000006863378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef65e3ae94ae906a2022-01-05 09:21:45.960root 11241100x80000000000000006863379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97702ead27b6ad2b2022-01-05 09:21:45.960root 11241100x80000000000000006863380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fcb43afb07e6432022-01-05 09:21:45.960root 11241100x80000000000000006863381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d92052d7447ca52022-01-05 09:21:45.961root 11241100x80000000000000006863382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8829e3a18777fd7e2022-01-05 09:21:45.961root 11241100x80000000000000006863383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f2a0a12b838e3b2022-01-05 09:21:45.961root 11241100x80000000000000006863384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee5e80bf6453e2b2022-01-05 09:21:45.961root 11241100x80000000000000006863385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b13dc30d8fe75d2022-01-05 09:21:45.961root 11241100x80000000000000006863386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba199e693c4a5ab02022-01-05 09:21:45.962root 11241100x80000000000000006863387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3ced5eec9a7e422022-01-05 09:21:45.962root 11241100x80000000000000006863388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02206dbb38e464ec2022-01-05 09:21:45.962root 11241100x80000000000000006863389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0f37f4e8c890992022-01-05 09:21:45.962root 11241100x80000000000000006863390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3713c3a1efbe64d2022-01-05 09:21:46.460root 11241100x80000000000000006863391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f561915d4af39872022-01-05 09:21:46.460root 11241100x80000000000000006863392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c5fa75080a71d32022-01-05 09:21:46.460root 11241100x80000000000000006863393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34451a3bb32248422022-01-05 09:21:46.460root 11241100x80000000000000006863394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3384a529bac586e92022-01-05 09:21:46.460root 11241100x80000000000000006863395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ece28372d1d8f9c2022-01-05 09:21:46.460root 11241100x80000000000000006863396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcb546f6bfa5fba2022-01-05 09:21:46.460root 11241100x80000000000000006863397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4291a07345546f672022-01-05 09:21:46.460root 11241100x80000000000000006863398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9b96d2997bd6fc2022-01-05 09:21:46.460root 11241100x80000000000000006863399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1ff9e5deba49fd2022-01-05 09:21:46.461root 11241100x80000000000000006863400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68eed0497c44e942022-01-05 09:21:46.461root 11241100x80000000000000006863401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbc5af384dc2b902022-01-05 09:21:46.461root 11241100x80000000000000006863402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcb058d03ad525e2022-01-05 09:21:46.461root 11241100x80000000000000006863403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537473c7b6c9308a2022-01-05 09:21:46.461root 11241100x80000000000000006863404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a16dd8814508d52022-01-05 09:21:46.461root 11241100x80000000000000006863405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcc4e10738d5d272022-01-05 09:21:46.461root 11241100x80000000000000006863406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f495e1cf39944fd2022-01-05 09:21:46.461root 11241100x80000000000000006863407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97893eeb0ff7fc0c2022-01-05 09:21:46.959root 11241100x80000000000000006863408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b8d47f0021549a2022-01-05 09:21:46.959root 11241100x80000000000000006863409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf62ec9da9f49472022-01-05 09:21:46.959root 11241100x80000000000000006863410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75f3a22917566b42022-01-05 09:21:46.959root 11241100x80000000000000006863411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0477c92f285eed42022-01-05 09:21:46.959root 11241100x80000000000000006863412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0db06f5c20c7b122022-01-05 09:21:46.960root 11241100x80000000000000006863413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e62393777d251a2022-01-05 09:21:46.960root 11241100x80000000000000006863414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d54dddaa452ce42022-01-05 09:21:46.960root 11241100x80000000000000006863415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63812a66f31fac12022-01-05 09:21:46.960root 11241100x80000000000000006863416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c42b6db9b176162022-01-05 09:21:46.960root 11241100x80000000000000006863417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b96218abaa185ee2022-01-05 09:21:46.960root 11241100x80000000000000006863418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a94eea9bc973802022-01-05 09:21:46.960root 11241100x80000000000000006863419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d277cc6773265a082022-01-05 09:21:46.960root 11241100x80000000000000006863420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54d7bf9ddeee63e2022-01-05 09:21:46.960root 11241100x80000000000000006863421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407b7f87c9e972812022-01-05 09:21:46.960root 11241100x80000000000000006863422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7570a5c4b616e3e12022-01-05 09:21:46.960root 11241100x80000000000000006863423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e640cbe6b839ba2022-01-05 09:21:46.960root 354300x80000000000000006863424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.231{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40730-false10.0.1.12-8000- 11241100x80000000000000006863425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a67dde7a1842ba2022-01-05 09:21:47.232root 11241100x80000000000000006863426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569d4102c270ab432022-01-05 09:21:47.232root 11241100x80000000000000006863427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a60b2e802bd99d22022-01-05 09:21:47.233root 11241100x80000000000000006863428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a1f6bb5ba4dfa22022-01-05 09:21:47.233root 11241100x80000000000000006863429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6785e954fecfa9522022-01-05 09:21:47.233root 11241100x80000000000000006863430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2181830df5fc9322022-01-05 09:21:47.233root 11241100x80000000000000006863431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec3686e0996fbd32022-01-05 09:21:47.234root 11241100x80000000000000006863432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe060e842947dcf2022-01-05 09:21:47.234root 11241100x80000000000000006863433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d8a5c7026786752022-01-05 09:21:47.234root 11241100x80000000000000006863434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4121a73dcfc4d0d12022-01-05 09:21:47.234root 11241100x80000000000000006863435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfb1a1965b2d0ca2022-01-05 09:21:47.234root 11241100x80000000000000006863436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac5722e3c9000dd2022-01-05 09:21:47.234root 11241100x80000000000000006863437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f87a46ed36264fe2022-01-05 09:21:47.234root 11241100x80000000000000006863438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7733a0bdbda42212022-01-05 09:21:47.234root 11241100x80000000000000006863439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de96eec88cfa948e2022-01-05 09:21:47.235root 11241100x80000000000000006863440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecf10250f65b35f2022-01-05 09:21:47.235root 11241100x80000000000000006863441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877e4e2745c15b4e2022-01-05 09:21:47.235root 11241100x80000000000000006863442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb937f110a3a4542022-01-05 09:21:47.235root 11241100x80000000000000006863443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870b1c94b117ef162022-01-05 09:21:47.235root 11241100x80000000000000006863444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1ab60a13eda42a2022-01-05 09:21:47.235root 11241100x80000000000000006863445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84197eb9fd9264752022-01-05 09:21:47.235root 11241100x80000000000000006863446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a862c5c9530a46de2022-01-05 09:21:47.235root 11241100x80000000000000006863447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.236{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626167f644b524462022-01-05 09:21:47.236root 11241100x80000000000000006863448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.236{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff20089e86541a0f2022-01-05 09:21:47.236root 11241100x80000000000000006863449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e9f34127a05cb92022-01-05 09:21:47.710root 11241100x80000000000000006863450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ac8ec71191333a2022-01-05 09:21:47.710root 11241100x80000000000000006863451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d498d750144cfb92022-01-05 09:21:47.710root 11241100x80000000000000006863452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19b2b80745863322022-01-05 09:21:47.710root 11241100x80000000000000006863453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031369d97a4b36102022-01-05 09:21:47.710root 11241100x80000000000000006863454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818f588035fb004c2022-01-05 09:21:47.710root 11241100x80000000000000006863455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a1dea34665dd282022-01-05 09:21:47.710root 11241100x80000000000000006863456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6f74494563320b2022-01-05 09:21:47.710root 11241100x80000000000000006863457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eece0c9b76a0a502022-01-05 09:21:47.710root 11241100x80000000000000006863458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0e6bd125dc75e02022-01-05 09:21:47.710root 11241100x80000000000000006863459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571e0963cbe8e5fb2022-01-05 09:21:47.710root 11241100x80000000000000006863460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d445f66b314f5452022-01-05 09:21:47.711root 11241100x80000000000000006863461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0975b54c53767fb22022-01-05 09:21:47.711root 11241100x80000000000000006863462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b189094c5375e9452022-01-05 09:21:47.711root 11241100x80000000000000006863463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79eae2898cc7e3f02022-01-05 09:21:47.711root 11241100x80000000000000006863464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e11ff3d4854e122022-01-05 09:21:47.711root 11241100x80000000000000006863465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cf60dc2f0528312022-01-05 09:21:47.711root 11241100x80000000000000006863466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0320af6e2e20473d2022-01-05 09:21:47.711root 11241100x80000000000000006863467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6da84ec46503942022-01-05 09:21:48.209root 11241100x80000000000000006863468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6575b545b96452bc2022-01-05 09:21:48.209root 11241100x80000000000000006863469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec9ccfc4be5fbba2022-01-05 09:21:48.209root 11241100x80000000000000006863470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99495bed9fd727a92022-01-05 09:21:48.209root 11241100x80000000000000006863471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4b8b5e99fc423e2022-01-05 09:21:48.209root 11241100x80000000000000006863472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3eb01419d932e52022-01-05 09:21:48.210root 11241100x80000000000000006863473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eeff4e2466102f82022-01-05 09:21:48.210root 11241100x80000000000000006863474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9305a4f41f126e5e2022-01-05 09:21:48.210root 11241100x80000000000000006863475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebab7425f5d9d2d2022-01-05 09:21:48.210root 11241100x80000000000000006863476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd29eeacf2655dd2022-01-05 09:21:48.210root 11241100x80000000000000006863477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fe1d7b275f54642022-01-05 09:21:48.210root 11241100x80000000000000006863478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c59a37d9fd72a82022-01-05 09:21:48.210root 11241100x80000000000000006863479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704d46f6b365f2432022-01-05 09:21:48.211root 11241100x80000000000000006863480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e73e2dc63508072022-01-05 09:21:48.211root 11241100x80000000000000006863481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8275f44a30b1fa2022-01-05 09:21:48.211root 11241100x80000000000000006863482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453c2b286e2c43e32022-01-05 09:21:48.211root 11241100x80000000000000006863483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5f6b5a11888b402022-01-05 09:21:48.211root 11241100x80000000000000006863484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27d2d08aa5c35e72022-01-05 09:21:48.211root 11241100x80000000000000006863485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebf7f48c76c8f8c2022-01-05 09:21:48.710root 11241100x80000000000000006863486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081a11f9490739c92022-01-05 09:21:48.710root 11241100x80000000000000006863487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b3277b1f42039e2022-01-05 09:21:48.710root 11241100x80000000000000006863488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4d46737bc678612022-01-05 09:21:48.710root 11241100x80000000000000006863489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6a96550241c0ce2022-01-05 09:21:48.711root 11241100x80000000000000006863490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cd08e927b16cbf2022-01-05 09:21:48.711root 11241100x80000000000000006863491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b5c66eb4ba67282022-01-05 09:21:48.711root 11241100x80000000000000006863492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b1b87fbe99674b2022-01-05 09:21:48.711root 11241100x80000000000000006863493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82a8230072b19892022-01-05 09:21:48.711root 11241100x80000000000000006863494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301a424a9c47a5f32022-01-05 09:21:48.711root 11241100x80000000000000006863495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e90604a184dac62022-01-05 09:21:48.711root 11241100x80000000000000006863496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01e3004af93cbbf2022-01-05 09:21:48.711root 11241100x80000000000000006863497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df892973d863b3892022-01-05 09:21:48.711root 11241100x80000000000000006863498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9cf116cf10a6b42022-01-05 09:21:48.711root 11241100x80000000000000006863499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043a8df6146162e92022-01-05 09:21:48.711root 11241100x80000000000000006863500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b08de60ecd5be82022-01-05 09:21:48.712root 11241100x80000000000000006863501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3dddddaf08e37d2022-01-05 09:21:48.712root 11241100x80000000000000006863502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ac8b7965592d702022-01-05 09:21:48.712root 11241100x80000000000000006863503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e304f89ca7e290c2022-01-05 09:21:49.209root 11241100x80000000000000006863504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4075b268a73fe632022-01-05 09:21:49.209root 11241100x80000000000000006863505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916480a551e253842022-01-05 09:21:49.210root 11241100x80000000000000006863506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b176472ec1ae1e2022-01-05 09:21:49.210root 11241100x80000000000000006863507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493ba767ea9dcb8e2022-01-05 09:21:49.210root 11241100x80000000000000006863508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a899e939197723b2022-01-05 09:21:49.210root 11241100x80000000000000006863509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97299d3be747b2022022-01-05 09:21:49.210root 11241100x80000000000000006863510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db4f0957fb071252022-01-05 09:21:49.210root 11241100x80000000000000006863511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cecf352274acdec2022-01-05 09:21:49.210root 11241100x80000000000000006863512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6435b00ddf9f15ab2022-01-05 09:21:49.210root 11241100x80000000000000006863513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fffd00ab709ed372022-01-05 09:21:49.210root 11241100x80000000000000006863514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d782ffde3e922f812022-01-05 09:21:49.211root 11241100x80000000000000006863515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c449e8997d33a842022-01-05 09:21:49.211root 11241100x80000000000000006863516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0cc7c388138b592022-01-05 09:21:49.211root 11241100x80000000000000006863517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c97495128f6eedd2022-01-05 09:21:49.211root 11241100x80000000000000006863518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1016c5330580dc82022-01-05 09:21:49.211root 11241100x80000000000000006863519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0893cd9b576dcf12022-01-05 09:21:49.211root 11241100x80000000000000006863520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db749adda5b5a2562022-01-05 09:21:49.211root 11241100x80000000000000006863521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2252db762c64c9e2022-01-05 09:21:49.709root 11241100x80000000000000006863522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b69b2e1db4741632022-01-05 09:21:49.709root 11241100x80000000000000006863523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea616bc925017b62022-01-05 09:21:49.709root 11241100x80000000000000006863524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8173e28f32720c882022-01-05 09:21:49.710root 11241100x80000000000000006863525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8d4a76a3e2bd5e2022-01-05 09:21:49.710root 11241100x80000000000000006863526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c7cfc33038e12b2022-01-05 09:21:49.710root 11241100x80000000000000006863527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e14179f14908b7c2022-01-05 09:21:49.710root 11241100x80000000000000006863528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6b8c25c7ffc6c92022-01-05 09:21:49.710root 11241100x80000000000000006863529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5da790574e004ea2022-01-05 09:21:49.710root 11241100x80000000000000006863530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f7b889e0adbe0a2022-01-05 09:21:49.710root 11241100x80000000000000006863531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57864541d5b0d8fe2022-01-05 09:21:49.710root 11241100x80000000000000006863532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6604cc1aa89d350d2022-01-05 09:21:49.710root 11241100x80000000000000006863533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c609041a49713b2022-01-05 09:21:49.710root 11241100x80000000000000006863534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668f543f6a86cba72022-01-05 09:21:49.710root 11241100x80000000000000006863535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b667839715cfd82022-01-05 09:21:49.710root 11241100x80000000000000006863536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64d727e06863dca2022-01-05 09:21:49.710root 11241100x80000000000000006863537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08c376ffc3e341e2022-01-05 09:21:49.711root 11241100x80000000000000006863538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28454319746b4d12022-01-05 09:21:49.711root 11241100x80000000000000006863539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d77d84b9afc1d82022-01-05 09:21:50.210root 11241100x80000000000000006863540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a483cf575bfe37b22022-01-05 09:21:50.210root 11241100x80000000000000006863541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58d855863c0fc122022-01-05 09:21:50.210root 11241100x80000000000000006863542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94315684bf01ab3d2022-01-05 09:21:50.210root 11241100x80000000000000006863543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a870726cd49d3eaa2022-01-05 09:21:50.210root 11241100x80000000000000006863544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73ad7668e7c903f2022-01-05 09:21:50.210root 11241100x80000000000000006863545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e61be855bb027c2022-01-05 09:21:50.210root 11241100x80000000000000006863546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ff97d5dbfaa51a2022-01-05 09:21:50.211root 11241100x80000000000000006863547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd760be6261ebe42022-01-05 09:21:50.211root 11241100x80000000000000006863548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f1ef32653c60392022-01-05 09:21:50.211root 11241100x80000000000000006863549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e90b48938c8ebe2022-01-05 09:21:50.211root 11241100x80000000000000006863550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a210dc9109d0d12022-01-05 09:21:50.211root 11241100x80000000000000006863551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6911df6953282a072022-01-05 09:21:50.211root 11241100x80000000000000006863552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691f71517d580a7f2022-01-05 09:21:50.211root 11241100x80000000000000006863553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2eeaea270c800c22022-01-05 09:21:50.211root 11241100x80000000000000006863554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a7626491d517782022-01-05 09:21:50.211root 11241100x80000000000000006863555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b13853a13f6b2ea2022-01-05 09:21:50.211root 11241100x80000000000000006863556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103f5537f33b7a1b2022-01-05 09:21:50.212root 11241100x80000000000000006863557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afda2b6161d99862022-01-05 09:21:50.710root 11241100x80000000000000006863558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de3a6b4439166622022-01-05 09:21:50.710root 11241100x80000000000000006863559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394fd0a97cc3ccb22022-01-05 09:21:50.710root 11241100x80000000000000006863560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecfc532065481552022-01-05 09:21:50.710root 11241100x80000000000000006863561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb9701548916a7b2022-01-05 09:21:50.710root 11241100x80000000000000006863562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb4cccd5af00cfc2022-01-05 09:21:50.710root 11241100x80000000000000006863563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963885328eeb808f2022-01-05 09:21:50.710root 11241100x80000000000000006863564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3723ff6581748b2022-01-05 09:21:50.710root 11241100x80000000000000006863565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffecf5aa146d211f2022-01-05 09:21:50.711root 11241100x80000000000000006863566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48329d6203d1d7ce2022-01-05 09:21:50.711root 11241100x80000000000000006863567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcd2d21b771fdea2022-01-05 09:21:50.711root 11241100x80000000000000006863568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bec143ab8a480ac2022-01-05 09:21:50.711root 11241100x80000000000000006863569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c8fe5a84ad2f122022-01-05 09:21:50.711root 11241100x80000000000000006863570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1a3e669bddcbdc2022-01-05 09:21:50.711root 11241100x80000000000000006863571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82841fb1ffa614622022-01-05 09:21:50.711root 11241100x80000000000000006863572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b223123b7dc15362022-01-05 09:21:50.711root 11241100x80000000000000006863573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c74cb97c425fb162022-01-05 09:21:50.711root 11241100x80000000000000006863574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf05accc7158e4c2022-01-05 09:21:50.711root 11241100x80000000000000006863575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8ece32026a92472022-01-05 09:21:51.210root 11241100x80000000000000006863576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc831b34ad9572652022-01-05 09:21:51.210root 11241100x80000000000000006863577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b416864f2cf6312022-01-05 09:21:51.210root 11241100x80000000000000006863578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b909f9afa723162022-01-05 09:21:51.210root 11241100x80000000000000006863579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5c29b072cd11392022-01-05 09:21:51.210root 11241100x80000000000000006863580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3788d359e860ca62022-01-05 09:21:51.210root 11241100x80000000000000006863581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409de905cdf4ba132022-01-05 09:21:51.210root 11241100x80000000000000006863582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e25c5219d118042022-01-05 09:21:51.210root 11241100x80000000000000006863583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b69a805a23ec9f2022-01-05 09:21:51.210root 11241100x80000000000000006863584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea332f4bd2d8ec02022-01-05 09:21:51.210root 11241100x80000000000000006863585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14ca1990e9fbffa2022-01-05 09:21:51.210root 11241100x80000000000000006863586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1550e03cc5b146e2022-01-05 09:21:51.211root 11241100x80000000000000006863587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c112c648b81bd72022-01-05 09:21:51.211root 11241100x80000000000000006863588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdd8bea95615f732022-01-05 09:21:51.211root 11241100x80000000000000006863589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92ed993f76fe5612022-01-05 09:21:51.211root 11241100x80000000000000006863590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f698cca77471212022-01-05 09:21:51.211root 11241100x80000000000000006863591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f1ff87229906822022-01-05 09:21:51.211root 11241100x80000000000000006863592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e0f78d70d8ea682022-01-05 09:21:51.211root 11241100x80000000000000006863593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5d4f3be23dc73d2022-01-05 09:21:51.710root 11241100x80000000000000006863594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d10791608015162022-01-05 09:21:51.710root 11241100x80000000000000006863595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7ce49e6cf0cd5a2022-01-05 09:21:51.710root 11241100x80000000000000006863596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23886da032abf20b2022-01-05 09:21:51.710root 11241100x80000000000000006863597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc0f297646eaa802022-01-05 09:21:51.710root 11241100x80000000000000006863598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ebc095bdda8dd5b2022-01-05 09:21:51.710root 11241100x80000000000000006863599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84db1fc696ef20c12022-01-05 09:21:51.710root 11241100x80000000000000006863600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda533bf1d437f552022-01-05 09:21:51.710root 11241100x80000000000000006863601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146becdcece395722022-01-05 09:21:51.710root 11241100x80000000000000006863602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73126965892a0b82022-01-05 09:21:51.710root 11241100x80000000000000006863603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd56ec7d1dea87a2022-01-05 09:21:51.710root 11241100x80000000000000006863604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44953e769dd82a432022-01-05 09:21:51.710root 11241100x80000000000000006863605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4e0c56f56d07b92022-01-05 09:21:51.710root 11241100x80000000000000006863606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7187cb26889c7b2e2022-01-05 09:21:51.710root 11241100x80000000000000006863607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fb7aa9324bc53a2022-01-05 09:21:51.711root 11241100x80000000000000006863608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fa445e298b28232022-01-05 09:21:51.711root 11241100x80000000000000006863609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8778f98c636502822022-01-05 09:21:51.711root 11241100x80000000000000006863610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ba8bd41edd1ca22022-01-05 09:21:51.711root 11241100x80000000000000006863611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfc0d4c23a65b642022-01-05 09:21:52.210root 11241100x80000000000000006863612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c2eb6f361042ab2022-01-05 09:21:52.210root 11241100x80000000000000006863613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ac781d6d1813932022-01-05 09:21:52.210root 11241100x80000000000000006863614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b32d5ccc5c94b982022-01-05 09:21:52.210root 11241100x80000000000000006863615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dd9d1564756c8d2022-01-05 09:21:52.210root 11241100x80000000000000006863616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d4c73542ef24cd2022-01-05 09:21:52.210root 11241100x80000000000000006863617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a4a3b3eebef52d2022-01-05 09:21:52.210root 11241100x80000000000000006863618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f17a902bd90588e2022-01-05 09:21:52.210root 11241100x80000000000000006863619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7195b76abc5673c72022-01-05 09:21:52.210root 11241100x80000000000000006863620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1653099fb890b1842022-01-05 09:21:52.210root 11241100x80000000000000006863621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629e505cfc0ae1a62022-01-05 09:21:52.210root 11241100x80000000000000006863622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b187cbc28b1b33962022-01-05 09:21:52.210root 11241100x80000000000000006863623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c90d969bae3d03d2022-01-05 09:21:52.211root 11241100x80000000000000006863624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259db0ad370b418c2022-01-05 09:21:52.211root 11241100x80000000000000006863625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39123fd7a655c052022-01-05 09:21:52.211root 11241100x80000000000000006863626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab9bc963375b8df2022-01-05 09:21:52.211root 11241100x80000000000000006863627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae403ba529060622022-01-05 09:21:52.211root 11241100x80000000000000006863628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a021ab7ddf57dfec2022-01-05 09:21:52.211root 11241100x80000000000000006863629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753ed725c7ec1fab2022-01-05 09:21:52.710root 11241100x80000000000000006863630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5580abc031f6c6412022-01-05 09:21:52.710root 11241100x80000000000000006863631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5543c494edbbd72022-01-05 09:21:52.710root 11241100x80000000000000006863632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eda9f441dda55582022-01-05 09:21:52.710root 11241100x80000000000000006863633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a158552e87743f2022-01-05 09:21:52.710root 11241100x80000000000000006863634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36276da46d9e2a392022-01-05 09:21:52.710root 11241100x80000000000000006863635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038b170feeda7f272022-01-05 09:21:52.710root 11241100x80000000000000006863636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52657648c7bc7da2022-01-05 09:21:52.710root 11241100x80000000000000006863637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682b0361a592135e2022-01-05 09:21:52.710root 11241100x80000000000000006863638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff63483d31e36b72022-01-05 09:21:52.710root 11241100x80000000000000006863639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d239051c07e1012022-01-05 09:21:52.710root 11241100x80000000000000006863640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ef579a099719f82022-01-05 09:21:52.710root 11241100x80000000000000006863641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d4a99903facc6e2022-01-05 09:21:52.710root 11241100x80000000000000006863642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6edb364c82371a2022-01-05 09:21:52.710root 11241100x80000000000000006863643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd737fb7097540522022-01-05 09:21:52.711root 11241100x80000000000000006863644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24b431853e23a0e2022-01-05 09:21:52.711root 11241100x80000000000000006863645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea76724983e845a92022-01-05 09:21:52.711root 11241100x80000000000000006863646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:52.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46ceb9fa40042b92022-01-05 09:21:52.711root 354300x80000000000000006863647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.031{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40732-false10.0.1.12-8000- 11241100x80000000000000006863648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.032{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c93cbc091fca442022-01-05 09:21:53.032root 11241100x80000000000000006863649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.032{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d241bdb7c9d6a8a2022-01-05 09:21:53.032root 11241100x80000000000000006863650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.032{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5a9d4102ac15222022-01-05 09:21:53.032root 11241100x80000000000000006863651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.032{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4d8a5fe3b0208c2022-01-05 09:21:53.032root 11241100x80000000000000006863652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.032{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a361362b3d7ed6d2022-01-05 09:21:53.032root 11241100x80000000000000006863653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.033{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afbb6a4216d99022022-01-05 09:21:53.033root 11241100x80000000000000006863654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.033{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbd18e8588357212022-01-05 09:21:53.033root 11241100x80000000000000006863655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.033{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6e4733769069852022-01-05 09:21:53.033root 11241100x80000000000000006863656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.033{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0414647727036f52022-01-05 09:21:53.033root 11241100x80000000000000006863657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.033{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13bacdd06a92dbb2022-01-05 09:21:53.033root 11241100x80000000000000006863658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.033{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31e71ddfbe143a72022-01-05 09:21:53.033root 11241100x80000000000000006863659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.033{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65eb20172081677f2022-01-05 09:21:53.033root 11241100x80000000000000006863660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.033{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53fca48991e210b2022-01-05 09:21:53.033root 11241100x80000000000000006863661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2170d2fa852691bd2022-01-05 09:21:53.034root 11241100x80000000000000006863662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8dcf642112f26772022-01-05 09:21:53.034root 11241100x80000000000000006863663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b01cd0645da4202022-01-05 09:21:53.034root 11241100x80000000000000006863664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce958c4d14486252022-01-05 09:21:53.034root 11241100x80000000000000006863665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf7e99f4f31b46b2022-01-05 09:21:53.034root 11241100x80000000000000006863666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca93e37987e5c67e2022-01-05 09:21:53.034root 11241100x80000000000000006863667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973cd1df52c141c02022-01-05 09:21:53.460root 11241100x80000000000000006863668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821e3869b1669cf72022-01-05 09:21:53.460root 11241100x80000000000000006863669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111945b54779ae572022-01-05 09:21:53.460root 11241100x80000000000000006863670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7d790d7ecc6b802022-01-05 09:21:53.460root 11241100x80000000000000006863671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd13209a7dc91e02022-01-05 09:21:53.460root 11241100x80000000000000006863672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c6dfc9a61460292022-01-05 09:21:53.460root 11241100x80000000000000006863673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d259c8779b11c26e2022-01-05 09:21:53.460root 11241100x80000000000000006863674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b4d3a43d218d262022-01-05 09:21:53.460root 11241100x80000000000000006863675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a52f3b9eb4f9982022-01-05 09:21:53.460root 11241100x80000000000000006863676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4450a0057027ec2022-01-05 09:21:53.461root 11241100x80000000000000006863677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e424cfd6d4429e162022-01-05 09:21:53.461root 11241100x80000000000000006863678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7d751056ac45e42022-01-05 09:21:53.461root 11241100x80000000000000006863679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12bb1237cbdf37d2022-01-05 09:21:53.461root 11241100x80000000000000006863680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914d66ae4cf470b42022-01-05 09:21:53.461root 11241100x80000000000000006863681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b003e57bba3c762022-01-05 09:21:53.461root 11241100x80000000000000006863682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43fd8e23553ce52c2022-01-05 09:21:53.461root 11241100x80000000000000006863683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51ad6a1bf3d63b02022-01-05 09:21:53.461root 11241100x80000000000000006863684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3960538860dfd1412022-01-05 09:21:53.462root 11241100x80000000000000006863685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63019844f9d4d952022-01-05 09:21:53.462root 11241100x80000000000000006863686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aba4823184fe6032022-01-05 09:21:53.960root 11241100x80000000000000006863687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014f94996a6418a22022-01-05 09:21:53.960root 11241100x80000000000000006863688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9486ffd8306c7b12022-01-05 09:21:53.960root 11241100x80000000000000006863689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c887a0fcda6753e92022-01-05 09:21:53.960root 11241100x80000000000000006863690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bac11afec400d12022-01-05 09:21:53.960root 11241100x80000000000000006863691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1b77bf55f3daf72022-01-05 09:21:53.960root 11241100x80000000000000006863692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f4583d581884d72022-01-05 09:21:53.960root 11241100x80000000000000006863693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc040370d40f2822022-01-05 09:21:53.960root 11241100x80000000000000006863694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2aadf1c6cb56fce2022-01-05 09:21:53.960root 11241100x80000000000000006863695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e8b86cb46720c32022-01-05 09:21:53.960root 11241100x80000000000000006863696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf404f4ce88f4812022-01-05 09:21:53.960root 11241100x80000000000000006863697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de1c17e1db6da942022-01-05 09:21:53.960root 11241100x80000000000000006863698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd40bef69ab9dd912022-01-05 09:21:53.960root 11241100x80000000000000006863699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2886978c617c2762022-01-05 09:21:53.960root 11241100x80000000000000006863700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d507b214ac7ef5bf2022-01-05 09:21:53.961root 11241100x80000000000000006863701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fde6b6ff49e6122022-01-05 09:21:53.961root 11241100x80000000000000006863702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394c240c223938d02022-01-05 09:21:53.961root 11241100x80000000000000006863703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c91ab6ee0ad58f2022-01-05 09:21:53.961root 11241100x80000000000000006863704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcf9e8f726a09c52022-01-05 09:21:53.961root 11241100x80000000000000006863705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18354d1afef5ce202022-01-05 09:21:54.460root 11241100x80000000000000006863706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce28884745ef2a2a2022-01-05 09:21:54.460root 11241100x80000000000000006863707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16c4b4992ecaa042022-01-05 09:21:54.460root 11241100x80000000000000006863708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7b4ab9d985be182022-01-05 09:21:54.460root 11241100x80000000000000006863709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35000c9273dd8e0b2022-01-05 09:21:54.460root 11241100x80000000000000006863710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c60f1ca14a17cf72022-01-05 09:21:54.460root 11241100x80000000000000006863711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5acbca21b48f8cb2022-01-05 09:21:54.460root 11241100x80000000000000006863712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4844b2933428e8712022-01-05 09:21:54.460root 11241100x80000000000000006863713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c0ae3891d920f62022-01-05 09:21:54.460root 11241100x80000000000000006863714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e902d5647f6f832022-01-05 09:21:54.460root 11241100x80000000000000006863715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ffa1058b0a48f42022-01-05 09:21:54.460root 11241100x80000000000000006863716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6893b6853a566e2022-01-05 09:21:54.460root 11241100x80000000000000006863717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ba555fcf6f63392022-01-05 09:21:54.460root 11241100x80000000000000006863718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b31b579b9fca81c2022-01-05 09:21:54.461root 11241100x80000000000000006863719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae6bb64f5a859bf2022-01-05 09:21:54.461root 11241100x80000000000000006863720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4dd86b9226b35d2022-01-05 09:21:54.461root 11241100x80000000000000006863721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f61ac3a593bc812022-01-05 09:21:54.461root 11241100x80000000000000006863722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c04667a0dea3ed2022-01-05 09:21:54.461root 11241100x80000000000000006863723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44eef014205e4fb2022-01-05 09:21:54.461root 11241100x80000000000000006863724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdeca68c057ea952022-01-05 09:21:54.960root 11241100x80000000000000006863725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a9eca89985c1632022-01-05 09:21:54.960root 11241100x80000000000000006863726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c0110f44d33eb12022-01-05 09:21:54.960root 11241100x80000000000000006863727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0979397eaf4a73b2022-01-05 09:21:54.960root 11241100x80000000000000006863728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757c642df05840112022-01-05 09:21:54.960root 11241100x80000000000000006863729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae3130b484866692022-01-05 09:21:54.960root 11241100x80000000000000006863730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42810286d0536b232022-01-05 09:21:54.960root 11241100x80000000000000006863731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67ff8e6e8f0e5582022-01-05 09:21:54.960root 11241100x80000000000000006863732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ec27f50916d0302022-01-05 09:21:54.960root 11241100x80000000000000006863733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbb98967452e1a12022-01-05 09:21:54.960root 11241100x80000000000000006863734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d820f5775d8afe002022-01-05 09:21:54.960root 11241100x80000000000000006863735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f64215eb8f0888a2022-01-05 09:21:54.960root 11241100x80000000000000006863736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324b50a5a6e25ae32022-01-05 09:21:54.961root 11241100x80000000000000006863737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4e724fc9f6b0d22022-01-05 09:21:54.961root 11241100x80000000000000006863738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c9c4a0aa44b2102022-01-05 09:21:54.961root 11241100x80000000000000006863739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918a11e1cf2eb5102022-01-05 09:21:54.961root 11241100x80000000000000006863740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e40cb6d7d2938c2022-01-05 09:21:54.961root 11241100x80000000000000006863741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472bc0d8b27305ec2022-01-05 09:21:54.961root 11241100x80000000000000006863742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6512db2a150361332022-01-05 09:21:54.961root 11241100x80000000000000006863743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58999e8d94d540612022-01-05 09:21:55.460root 11241100x80000000000000006863744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf0f3c7148990a02022-01-05 09:21:55.460root 11241100x80000000000000006863745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94dbfe700b6b47562022-01-05 09:21:55.460root 11241100x80000000000000006863746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c1d75d17541abc2022-01-05 09:21:55.460root 11241100x80000000000000006863747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce96637f7aba05822022-01-05 09:21:55.460root 11241100x80000000000000006863748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2428aaadd23c4e2022-01-05 09:21:55.460root 11241100x80000000000000006863749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c37921d82c459b2022-01-05 09:21:55.460root 11241100x80000000000000006863750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a85ae1b70f75dc12022-01-05 09:21:55.460root 11241100x80000000000000006863751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab9bd31f3d8b0262022-01-05 09:21:55.460root 11241100x80000000000000006863752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dffc4b4195c77462022-01-05 09:21:55.460root 11241100x80000000000000006863753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a41d3438bdade72022-01-05 09:21:55.461root 11241100x80000000000000006863754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f261d0f96f1e4812022-01-05 09:21:55.461root 11241100x80000000000000006863755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f7f90a5fd5cb922022-01-05 09:21:55.461root 11241100x80000000000000006863756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0297ddc4cfd3035b2022-01-05 09:21:55.461root 11241100x80000000000000006863757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702e3b35fd2a3bc12022-01-05 09:21:55.461root 11241100x80000000000000006863758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e97d77430da594e2022-01-05 09:21:55.461root 11241100x80000000000000006863759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807c85654b290b402022-01-05 09:21:55.461root 11241100x80000000000000006863760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddd345415db881f2022-01-05 09:21:55.461root 11241100x80000000000000006863761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12eaa5f5393b29d92022-01-05 09:21:55.461root 11241100x80000000000000006863762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3ff979b0da48fc2022-01-05 09:21:55.960root 11241100x80000000000000006863763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b184d27a92de0b52022-01-05 09:21:55.960root 11241100x80000000000000006863764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026c9f27e8fa4d1e2022-01-05 09:21:55.960root 11241100x80000000000000006863765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c0aba599d7e62c2022-01-05 09:21:55.960root 11241100x80000000000000006863766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa5c58b4b3739122022-01-05 09:21:55.960root 11241100x80000000000000006863767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547531d14b52dde92022-01-05 09:21:55.960root 11241100x80000000000000006863768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3fa82ffe292f962022-01-05 09:21:55.960root 11241100x80000000000000006863769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c9a9950c12db342022-01-05 09:21:55.960root 11241100x80000000000000006863770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba24530f398aaef2022-01-05 09:21:55.960root 11241100x80000000000000006863771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5732270d3692a1372022-01-05 09:21:55.960root 11241100x80000000000000006863772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca29d23873b1a392022-01-05 09:21:55.960root 11241100x80000000000000006863773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307593bac427e0022022-01-05 09:21:55.960root 11241100x80000000000000006863774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424d88f26e66bf122022-01-05 09:21:55.961root 11241100x80000000000000006863775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735e7c34bfd067a22022-01-05 09:21:55.961root 11241100x80000000000000006863776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d03a67f4dde4d5a2022-01-05 09:21:55.961root 11241100x80000000000000006863777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fd7a42cbe865162022-01-05 09:21:55.961root 11241100x80000000000000006863778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460c735858ded6932022-01-05 09:21:55.961root 11241100x80000000000000006863779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3a2385ac69811d2022-01-05 09:21:55.961root 11241100x80000000000000006863780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030ac45c0c848bff2022-01-05 09:21:55.961root 11241100x80000000000000006863781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60a479d0ac68ee82022-01-05 09:21:56.460root 11241100x80000000000000006863782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0daa2d6bd56bb62022-01-05 09:21:56.460root 11241100x80000000000000006863783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f819356d54a8293b2022-01-05 09:21:56.460root 11241100x80000000000000006863784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3ca6d0583e95d82022-01-05 09:21:56.460root 11241100x80000000000000006863785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526aa02524d899fd2022-01-05 09:21:56.460root 11241100x80000000000000006863786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438e8dd8098fdb682022-01-05 09:21:56.460root 11241100x80000000000000006863787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea3f231d7cb29512022-01-05 09:21:56.460root 11241100x80000000000000006863788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af863634675013fb2022-01-05 09:21:56.460root 11241100x80000000000000006863789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ea410d643a44bd2022-01-05 09:21:56.460root 11241100x80000000000000006863790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdb04fadce0f5de2022-01-05 09:21:56.460root 11241100x80000000000000006863791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4ae35ea93404632022-01-05 09:21:56.460root 11241100x80000000000000006863792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1f3cd1454220d02022-01-05 09:21:56.460root 11241100x80000000000000006863793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b859085eea05c72022-01-05 09:21:56.460root 11241100x80000000000000006863794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c381d6f968ebe0252022-01-05 09:21:56.461root 11241100x80000000000000006863795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e94a8a16fdef09f2022-01-05 09:21:56.461root 11241100x80000000000000006863796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f4d764954157e72022-01-05 09:21:56.461root 11241100x80000000000000006863797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44288f21c648f93c2022-01-05 09:21:56.461root 11241100x80000000000000006863798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3045644ff754ea2022-01-05 09:21:56.461root 11241100x80000000000000006863799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3f7a4283268ac02022-01-05 09:21:56.461root 11241100x80000000000000006863800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77a90cb89a58b852022-01-05 09:21:56.960root 11241100x80000000000000006863801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c9cad72a3464652022-01-05 09:21:56.960root 11241100x80000000000000006863802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5521b05fc92cf7b2022-01-05 09:21:56.960root 11241100x80000000000000006863803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3542f7c006357ff82022-01-05 09:21:56.960root 11241100x80000000000000006863804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1606f9bcafdcf12022-01-05 09:21:56.960root 11241100x80000000000000006863805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3db572724fbcf4a2022-01-05 09:21:56.960root 11241100x80000000000000006863806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0161a076d6e3fb2022-01-05 09:21:56.960root 11241100x80000000000000006863807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691386704cdf23432022-01-05 09:21:56.960root 11241100x80000000000000006863808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698250fe9507d5ce2022-01-05 09:21:56.960root 11241100x80000000000000006863809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95f50916c2c5c322022-01-05 09:21:56.960root 11241100x80000000000000006863810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd78beb50d65833e2022-01-05 09:21:56.960root 11241100x80000000000000006863811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe55707314f96a02022-01-05 09:21:56.960root 11241100x80000000000000006863812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb35c74867e28cc72022-01-05 09:21:56.960root 11241100x80000000000000006863813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ded3139ce00c3eb2022-01-05 09:21:56.961root 11241100x80000000000000006863814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c618c5571abb10122022-01-05 09:21:56.961root 11241100x80000000000000006863815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a3b39f9898d12e2022-01-05 09:21:56.961root 11241100x80000000000000006863816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6a7214f8a61c712022-01-05 09:21:56.961root 11241100x80000000000000006863817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1370fab49df96be42022-01-05 09:21:56.961root 11241100x80000000000000006863818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c45d5fc233dd0632022-01-05 09:21:56.961root 11241100x80000000000000006863819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce60978cbd8f1fce2022-01-05 09:21:57.460root 11241100x80000000000000006863820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744ae9e584951c2a2022-01-05 09:21:57.460root 11241100x80000000000000006863821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f4683c46a5e7c42022-01-05 09:21:57.460root 11241100x80000000000000006863822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418d1ec7d3baee4a2022-01-05 09:21:57.460root 11241100x80000000000000006863823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42725e6230841d892022-01-05 09:21:57.460root 11241100x80000000000000006863824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60e8a43a34caaa42022-01-05 09:21:57.460root 11241100x80000000000000006863825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f22971bfe013682022-01-05 09:21:57.460root 11241100x80000000000000006863826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6f5746a0470ee32022-01-05 09:21:57.460root 11241100x80000000000000006863827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c788f9095d645dc2022-01-05 09:21:57.460root 11241100x80000000000000006863828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2408bba422fadfc2022-01-05 09:21:57.460root 11241100x80000000000000006863829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf74fe958a774fda2022-01-05 09:21:57.461root 11241100x80000000000000006863830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9cc60f75baa5422022-01-05 09:21:57.461root 11241100x80000000000000006863831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4804943bded6e92022-01-05 09:21:57.461root 11241100x80000000000000006863832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ac3d73e4a7779d2022-01-05 09:21:57.461root 11241100x80000000000000006863833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf47aaa77495a112022-01-05 09:21:57.461root 11241100x80000000000000006863834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4e2939f7c4bedc2022-01-05 09:21:57.461root 11241100x80000000000000006863835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194d021f90bdb1112022-01-05 09:21:57.461root 11241100x80000000000000006863836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9aa3cb6355d4dc2022-01-05 09:21:57.461root 11241100x80000000000000006863837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884f6ed67efa6d042022-01-05 09:21:57.461root 11241100x80000000000000006863838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4420057e20758f2022-01-05 09:21:57.960root 11241100x80000000000000006863839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fef3cc233c223132022-01-05 09:21:57.960root 11241100x80000000000000006863840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6edd54c3730d1c2022-01-05 09:21:57.960root 11241100x80000000000000006863841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6618442d85e0b3b42022-01-05 09:21:57.960root 11241100x80000000000000006863842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9ad5413e474e9f2022-01-05 09:21:57.960root 11241100x80000000000000006863843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c46b97ba1a9bce2022-01-05 09:21:57.960root 11241100x80000000000000006863844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb83a1cffb8d1222022-01-05 09:21:57.960root 11241100x80000000000000006863845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f1ad2403759dfa2022-01-05 09:21:57.960root 11241100x80000000000000006863846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeceeaa065c9e2032022-01-05 09:21:57.960root 11241100x80000000000000006863847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a941d1f05d9a22d2022-01-05 09:21:57.960root 11241100x80000000000000006863848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5bed0dc6cd11762022-01-05 09:21:57.960root 11241100x80000000000000006863849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a7b6f10e4759092022-01-05 09:21:57.960root 11241100x80000000000000006863850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf29fdd0c2361f42022-01-05 09:21:57.960root 11241100x80000000000000006863851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4864afa6a440202022-01-05 09:21:57.961root 11241100x80000000000000006863852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33303203d78bbb832022-01-05 09:21:57.961root 11241100x80000000000000006863853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba5e94f981b3bc42022-01-05 09:21:57.961root 11241100x80000000000000006863854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8801f355012d25b02022-01-05 09:21:57.961root 11241100x80000000000000006863855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ce1a215d31c13e2022-01-05 09:21:57.961root 11241100x80000000000000006863856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69fd928278e275f2022-01-05 09:21:57.961root 11241100x80000000000000006863857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d01109c93ecb2eb2022-01-05 09:21:58.460root 11241100x80000000000000006863858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc27ad3e70dadbf2022-01-05 09:21:58.460root 11241100x80000000000000006863859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba088245c1aaac802022-01-05 09:21:58.460root 11241100x80000000000000006863860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0be02ae7024e6552022-01-05 09:21:58.460root 11241100x80000000000000006863861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bb034e5f9665db2022-01-05 09:21:58.460root 11241100x80000000000000006863862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8303d469518fd29d2022-01-05 09:21:58.460root 11241100x80000000000000006863863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8c6f340cce240f2022-01-05 09:21:58.460root 11241100x80000000000000006863864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ff6d755fdc1cd92022-01-05 09:21:58.460root 11241100x80000000000000006863865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e45961555e6d3b2022-01-05 09:21:58.460root 11241100x80000000000000006863866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948af88a28a9b40b2022-01-05 09:21:58.460root 11241100x80000000000000006863867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09ce0e294d88d8f2022-01-05 09:21:58.460root 11241100x80000000000000006863868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e864b0892da63ae72022-01-05 09:21:58.460root 11241100x80000000000000006863869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef9c2df251205842022-01-05 09:21:58.460root 11241100x80000000000000006863870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7e069ba16ab6da2022-01-05 09:21:58.460root 11241100x80000000000000006863871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381c8b9febc3085b2022-01-05 09:21:58.461root 11241100x80000000000000006863872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee8fed85d7746fd2022-01-05 09:21:58.461root 11241100x80000000000000006863873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1a6c8864d040002022-01-05 09:21:58.461root 11241100x80000000000000006863874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70447b2041e4615e2022-01-05 09:21:58.461root 11241100x80000000000000006863875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9738d68813a661e2022-01-05 09:21:58.461root 11241100x80000000000000006863876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c81efd6a93c08922022-01-05 09:21:58.960root 11241100x80000000000000006863877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca89b4f4be4fc872022-01-05 09:21:58.960root 11241100x80000000000000006863878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2228836e8da3742022-01-05 09:21:58.960root 11241100x80000000000000006863879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff6715ccccc2df12022-01-05 09:21:58.960root 11241100x80000000000000006863880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fb03b6b04259422022-01-05 09:21:58.960root 11241100x80000000000000006863881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49242ffdc00ca83a2022-01-05 09:21:58.960root 11241100x80000000000000006863882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3306d6277fefd5432022-01-05 09:21:58.960root 11241100x80000000000000006863883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850c9960d728b61a2022-01-05 09:21:58.960root 11241100x80000000000000006863884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba635830668b1f12022-01-05 09:21:58.960root 11241100x80000000000000006863885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f526fed0cc70e02022-01-05 09:21:58.960root 11241100x80000000000000006863886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4234c0fe122b6b2022-01-05 09:21:58.960root 11241100x80000000000000006863887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1726095f90a3b12022-01-05 09:21:58.960root 11241100x80000000000000006863888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5890db184edf0852022-01-05 09:21:58.961root 11241100x80000000000000006863889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5004c903871957372022-01-05 09:21:58.961root 11241100x80000000000000006863890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa945888785d06402022-01-05 09:21:58.961root 11241100x80000000000000006863891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8364c2cf1f03bc42022-01-05 09:21:58.961root 11241100x80000000000000006863892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d46394458e0b1d62022-01-05 09:21:58.961root 11241100x80000000000000006863893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04b901a0527f6892022-01-05 09:21:58.961root 11241100x80000000000000006863894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c95871f35a291c2022-01-05 09:21:58.961root 354300x80000000000000006863895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.010{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40734-false10.0.1.12-8000- 11241100x80000000000000006863896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.402{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 09:21:59.402root 11241100x80000000000000006863897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d3549db344aa722022-01-05 09:21:59.403root 11241100x80000000000000006863898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37795b146b883762022-01-05 09:21:59.403root 11241100x80000000000000006863899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f239b040d1dac2b12022-01-05 09:21:59.403root 11241100x80000000000000006863900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da48fc665aa6dbdd2022-01-05 09:21:59.403root 11241100x80000000000000006863901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0514570e1204e84f2022-01-05 09:21:59.403root 11241100x80000000000000006863902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe4e3d7f47c7aa72022-01-05 09:21:59.403root 11241100x80000000000000006863903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a67bce2b8c2eff2022-01-05 09:21:59.404root 11241100x80000000000000006863904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854896f4f73ab7c22022-01-05 09:21:59.404root 11241100x80000000000000006863905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bbc9a3968854932022-01-05 09:21:59.404root 11241100x80000000000000006863906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515e140c5d5ec7bf2022-01-05 09:21:59.404root 11241100x80000000000000006863907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd66657db5abc522022-01-05 09:21:59.404root 11241100x80000000000000006863908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a7920ae78713ca2022-01-05 09:21:59.404root 11241100x80000000000000006863909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a666037f42ba00022022-01-05 09:21:59.404root 11241100x80000000000000006863910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da51012616c4a912022-01-05 09:21:59.404root 11241100x80000000000000006863911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40b570cd1abc4a62022-01-05 09:21:59.404root 11241100x80000000000000006863912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7db7238f839886b2022-01-05 09:21:59.404root 11241100x80000000000000006863913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19a11ceb36797002022-01-05 09:21:59.404root 11241100x80000000000000006863914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2e93c3ab6ff67f2022-01-05 09:21:59.404root 11241100x80000000000000006863915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3918a18f3196f75a2022-01-05 09:21:59.404root 11241100x80000000000000006863916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cba9895e1242212022-01-05 09:21:59.405root 11241100x80000000000000006863917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39606dc84dc7bff02022-01-05 09:21:59.405root 11241100x80000000000000006863918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83c0512fda53f822022-01-05 09:21:59.405root 11241100x80000000000000006863919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462aa23c3dac009a2022-01-05 09:21:59.405root 11241100x80000000000000006863920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80389c47c36317802022-01-05 09:21:59.405root 11241100x80000000000000006863921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e49ffd7fc4905c22022-01-05 09:21:59.711root 11241100x80000000000000006863922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a996d9b3dcfda2792022-01-05 09:21:59.711root 11241100x80000000000000006863923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac12856692e4d622022-01-05 09:21:59.711root 11241100x80000000000000006863924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1842d45b13e062402022-01-05 09:21:59.711root 11241100x80000000000000006863925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847e856338a32c492022-01-05 09:21:59.711root 11241100x80000000000000006863926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6563d7886e122c172022-01-05 09:21:59.711root 11241100x80000000000000006863927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6feb57152fdaa6782022-01-05 09:21:59.711root 11241100x80000000000000006863928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2113f35d644ca82022-01-05 09:21:59.711root 354300x80000000000000006863951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:04.057{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40736-false10.0.1.12-8000- 11241100x80000000000000006863952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:04.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1322d66a0dd081e2022-01-05 09:22:04.459root 11241100x80000000000000006863953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:04.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33204d28b797061a2022-01-05 09:22:04.959root 11241100x80000000000000006863954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b93d961bb9a9132022-01-05 09:22:05.459root 11241100x80000000000000006863955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:05.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f69d47d830121c62022-01-05 09:22:05.959root 11241100x80000000000000006863956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c37ae3319e59ed2022-01-05 09:22:06.459root 11241100x80000000000000006863957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2008609639bb12e12022-01-05 09:22:06.959root 11241100x80000000000000006863958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee04b03677acdd832022-01-05 09:22:07.459root 154100x80000000000000006863959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:07.839{ec2e79f3-633f-61d5-68b4-56afad550000}22933/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 11241100x80000000000000006863960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:07.840{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331f15974fcf05cb2022-01-05 09:22:07.840root 534500x80000000000000006863961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:07.853{ec2e79f3-633f-61d5-68b4-56afad550000}22933/bin/psroot 11241100x80000000000000006863962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:08.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3345fdf7c81d6a982022-01-05 09:22:08.209root 11241100x80000000000000006863963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:08.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546c0e9608bd9dea2022-01-05 09:22:08.209root 11241100x80000000000000006863964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:08.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e1a56d76b0b4ed2022-01-05 09:22:08.209root 11241100x80000000000000006863965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:08.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd9c32455fb97122022-01-05 09:22:08.709root 11241100x80000000000000006863966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:08.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a299e70a57dcb2f2022-01-05 09:22:08.709root 11241100x80000000000000006863967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:08.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8467069a7955024b2022-01-05 09:22:08.709root 354300x80000000000000006863968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:09.070{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40738-false10.0.1.12-8000- 11241100x80000000000000006863969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:09.070{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57c909dae09db242022-01-05 09:22:09.070root 11241100x80000000000000006863970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:09.070{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9022e575b874790c2022-01-05 09:22:09.070root 11241100x80000000000000006863971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:09.070{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f21b860133eb3a2022-01-05 09:22:09.070root 11241100x80000000000000006863972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e564e59f0d3c10cc2022-01-05 09:22:09.459root 11241100x80000000000000006863973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930978e5c13836d72022-01-05 09:22:09.459root 11241100x80000000000000006863974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582e7e42f6d140752022-01-05 09:22:09.459root 11241100x80000000000000006863975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0fd9ea5fdc85a72022-01-05 09:22:09.459root 11241100x80000000000000006863976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8278078e20098e2022-01-05 09:22:09.959root 11241100x80000000000000006863977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46978e8e116122312022-01-05 09:22:09.959root 11241100x80000000000000006863978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f94b86145d221ba2022-01-05 09:22:09.959root 11241100x80000000000000006863979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f749d345b64bcd342022-01-05 09:22:09.959root 11241100x80000000000000006863980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2541aa0e6b5be30f2022-01-05 09:22:10.459root 11241100x80000000000000006863981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979f9594ac107e692022-01-05 09:22:10.459root 11241100x80000000000000006863982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ed636410587f872022-01-05 09:22:10.459root 11241100x80000000000000006863983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63143d29820cbfd42022-01-05 09:22:10.459root 11241100x80000000000000006863984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5963f6b2b429912022-01-05 09:22:10.959root 11241100x80000000000000006863985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f23637d04c5d5662022-01-05 09:22:10.959root 11241100x80000000000000006863986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84819d77af3285b02022-01-05 09:22:10.959root 11241100x80000000000000006863987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0025224f623601432022-01-05 09:22:10.959root 11241100x80000000000000006863988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa621c3e0b6ba8f32022-01-05 09:22:11.459root 11241100x80000000000000006863989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb8f194d092c0b52022-01-05 09:22:11.459root 11241100x80000000000000006863990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c83f7e42f42a6e2022-01-05 09:22:11.459root 11241100x80000000000000006863991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2354d92a42d0362022-01-05 09:22:11.459root 11241100x80000000000000006863992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bf9f9bcc31ff272022-01-05 09:22:11.959root 11241100x80000000000000006863993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2d9579ec5b9e1d2022-01-05 09:22:11.959root 11241100x80000000000000006863994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e23f323e43d6eb2022-01-05 09:22:11.959root 11241100x80000000000000006863995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4dc73055b6096d82022-01-05 09:22:11.959root 11241100x80000000000000006863996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e77feae7a986e82022-01-05 09:22:12.459root 11241100x80000000000000006863997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5759907f3457c0982022-01-05 09:22:12.459root 11241100x80000000000000006863998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c04e39994e531a2022-01-05 09:22:12.459root 11241100x80000000000000006863999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9a43ce03a26cbf2022-01-05 09:22:12.459root 11241100x80000000000000006864000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414a9e3299f43ab52022-01-05 09:22:12.959root 11241100x80000000000000006864001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26bd1dcc0c467772022-01-05 09:22:12.959root 11241100x80000000000000006864002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933cf63d756f59de2022-01-05 09:22:12.959root 11241100x80000000000000006864003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f2129b9046ec3b2022-01-05 09:22:12.959root 11241100x80000000000000006864004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a45828f75502722022-01-05 09:22:13.459root 11241100x80000000000000006864005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f68d1c9993f69dd2022-01-05 09:22:13.459root 11241100x80000000000000006864006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a102f6f13ba43a2022-01-05 09:22:13.459root 11241100x80000000000000006864007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee913168b95127462022-01-05 09:22:13.459root 11241100x80000000000000006864008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b45ed1bccf793372022-01-05 09:22:13.959root 11241100x80000000000000006864009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e3a6eecbf99a642022-01-05 09:22:13.959root 11241100x80000000000000006864010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51830ec61c180a732022-01-05 09:22:13.959root 11241100x80000000000000006864011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7626f64d9ac997e32022-01-05 09:22:13.959root 11241100x80000000000000006864012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e71614fb82f9ca2022-01-05 09:22:14.460root 11241100x80000000000000006864013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae035af7f8343c392022-01-05 09:22:14.460root 11241100x80000000000000006864014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63a00edc88306602022-01-05 09:22:14.460root 11241100x80000000000000006864015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6d530b19f12a292022-01-05 09:22:14.460root 11241100x80000000000000006864016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb47701fe20a5a82022-01-05 09:22:14.959root 11241100x80000000000000006864017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04048cfe5d3297d2022-01-05 09:22:14.959root 11241100x80000000000000006864018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4dbea24e9328752022-01-05 09:22:14.959root 11241100x80000000000000006864019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac7e6bd2cc070a12022-01-05 09:22:14.959root 354300x80000000000000006864020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:15.063{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40740-false10.0.1.12-8000- 11241100x80000000000000006864021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fef8c509ba0838b2022-01-05 09:22:15.459root 11241100x80000000000000006864022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f8b09805e3aec92022-01-05 09:22:15.459root 11241100x80000000000000006864023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1af4ef60de87522022-01-05 09:22:15.459root 11241100x80000000000000006864024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2dcf40ab5415f32022-01-05 09:22:15.459root 11241100x80000000000000006864025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491c15d04e2e0a732022-01-05 09:22:15.459root 11241100x80000000000000006864026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40278566229e88d2022-01-05 09:22:15.959root 11241100x80000000000000006864027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e837ff16d1d6822022-01-05 09:22:15.959root 11241100x80000000000000006864028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157e07ae259789292022-01-05 09:22:15.959root 11241100x80000000000000006864029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16d10e0107eed572022-01-05 09:22:15.959root 11241100x80000000000000006864030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47ca688f58f2abe2022-01-05 09:22:15.959root 11241100x80000000000000006864031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e479aa8d6147d42022-01-05 09:22:16.459root 11241100x80000000000000006864032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bb341df2622d612022-01-05 09:22:16.459root 11241100x80000000000000006864033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cb02bd9ef5373d2022-01-05 09:22:16.459root 11241100x80000000000000006864034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd15ea7b31fd2d462022-01-05 09:22:16.459root 11241100x80000000000000006864035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929d55e4749e594c2022-01-05 09:22:16.459root 11241100x80000000000000006864036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68cf5ba2396325d2022-01-05 09:22:16.959root 11241100x80000000000000006864037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5e52eb0789d9ad2022-01-05 09:22:16.959root 11241100x80000000000000006864038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73576255ee0f17a2022-01-05 09:22:16.959root 11241100x80000000000000006864039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ded15d8c6636952022-01-05 09:22:16.959root 11241100x80000000000000006864040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c061cb5713140f2022-01-05 09:22:16.959root 11241100x80000000000000006864041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a362ad1e0118e512022-01-05 09:22:17.459root 11241100x80000000000000006864042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90020e6013e192b2022-01-05 09:22:17.459root 11241100x80000000000000006864043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3900c72dc970cc3d2022-01-05 09:22:17.459root 11241100x80000000000000006864044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe12b6e3aacf8192022-01-05 09:22:17.459root 11241100x80000000000000006864045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b190547ff7960f212022-01-05 09:22:17.459root 11241100x80000000000000006864046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d7b2970ba836732022-01-05 09:22:17.959root 11241100x80000000000000006864047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5084e96b36afae62022-01-05 09:22:17.959root 11241100x80000000000000006864048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ab4ff0ba568f4c2022-01-05 09:22:17.959root 11241100x80000000000000006864049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b90a34df5322a32022-01-05 09:22:17.959root 11241100x80000000000000006864050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92d2a88a8a2376e2022-01-05 09:22:17.959root 11241100x80000000000000006864051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7616e585b3a3612022-01-05 09:22:18.459root 11241100x80000000000000006864052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2bc096c81e96dd2022-01-05 09:22:18.459root 11241100x80000000000000006864053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff54daffa7dfa2392022-01-05 09:22:18.459root 11241100x80000000000000006864054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fda4aa57fb214b42022-01-05 09:22:18.459root 11241100x80000000000000006864055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6d4608dd0577702022-01-05 09:22:18.459root 11241100x80000000000000006864056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc062cda0aca9a12022-01-05 09:22:18.959root 11241100x80000000000000006864057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222a2ee6dfd361942022-01-05 09:22:18.959root 11241100x80000000000000006864058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5cbd3368a2e7a22022-01-05 09:22:18.960root 11241100x80000000000000006864059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82787a3e67c4ef42022-01-05 09:22:18.960root 11241100x80000000000000006864060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f340e359f1fd57042022-01-05 09:22:18.960root 11241100x80000000000000006864061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003fdd2ddd1089fe2022-01-05 09:22:19.459root 11241100x80000000000000006864062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c5726aaafbbb0c2022-01-05 09:22:19.459root 11241100x80000000000000006864063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3683e871af3e472022-01-05 09:22:19.459root 11241100x80000000000000006864064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f774257f799b54ff2022-01-05 09:22:19.459root 11241100x80000000000000006864065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc341b387df9b392022-01-05 09:22:19.459root 11241100x80000000000000006864066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0881fe18f6da28fd2022-01-05 09:22:19.959root 11241100x80000000000000006864067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b0eae64f2376a82022-01-05 09:22:19.959root 11241100x80000000000000006864068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efad6a800aba1be92022-01-05 09:22:19.959root 11241100x80000000000000006864069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d971415fd0bb45112022-01-05 09:22:19.959root 11241100x80000000000000006864070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240a6810d52dc3b42022-01-05 09:22:19.959root 11241100x80000000000000006864071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e41243a5af78cee2022-01-05 09:22:20.459root 11241100x80000000000000006864072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c76d03260b094602022-01-05 09:22:20.459root 11241100x80000000000000006864073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93462995e2b4d2e32022-01-05 09:22:20.459root 11241100x80000000000000006864074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29408ffd21cfc5732022-01-05 09:22:20.459root 11241100x80000000000000006864075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccc67aa03304f262022-01-05 09:22:20.459root 11241100x80000000000000006864076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cedd2eb98b39e2e22022-01-05 09:22:20.959root 11241100x80000000000000006864077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb49d3e0f6992c552022-01-05 09:22:20.959root 11241100x80000000000000006864078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07368a2e26d29a262022-01-05 09:22:20.959root 11241100x80000000000000006864079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bae000c29285452022-01-05 09:22:20.959root 11241100x80000000000000006864080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64449de5710a0db42022-01-05 09:22:20.959root 354300x80000000000000006864081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:21.019{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40742-false10.0.1.12-8000- 11241100x80000000000000006864082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075c9287af3ae2e32022-01-05 09:22:21.459root 11241100x80000000000000006864083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbda3869f1094062022-01-05 09:22:21.459root 11241100x80000000000000006864084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d308adafaa87d052022-01-05 09:22:21.459root 11241100x80000000000000006864085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7e95facca01e722022-01-05 09:22:21.459root 11241100x80000000000000006864086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e761f81941da53342022-01-05 09:22:21.459root 11241100x80000000000000006864087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad55c1baf1319e502022-01-05 09:22:21.459root 11241100x80000000000000006864088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cd3eb5587616042022-01-05 09:22:21.959root 11241100x80000000000000006864089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebf858295650b052022-01-05 09:22:21.959root 11241100x80000000000000006864090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20e19b824abf6fa2022-01-05 09:22:21.959root 11241100x80000000000000006864091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5deb0ab051e98a2022-01-05 09:22:21.959root 11241100x80000000000000006864092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b62a2480390234c2022-01-05 09:22:21.959root 11241100x80000000000000006864093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48449e61172e9262022-01-05 09:22:21.959root 11241100x80000000000000006864094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ac527f26bc356d2022-01-05 09:22:22.459root 11241100x80000000000000006864095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da795f1b880306c2022-01-05 09:22:22.459root 11241100x80000000000000006864096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75255ba210b0d9a2022-01-05 09:22:22.459root 11241100x80000000000000006864097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b3d221df6c52032022-01-05 09:22:22.459root 11241100x80000000000000006864098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc53430ae258ba6d2022-01-05 09:22:22.459root 11241100x80000000000000006864099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c992dbbc21baec32022-01-05 09:22:22.459root 11241100x80000000000000006864100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b2f9979f02e5f52022-01-05 09:22:22.959root 11241100x80000000000000006864101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345b952000a013202022-01-05 09:22:22.959root 11241100x80000000000000006864102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4767a8f51b87ad62022-01-05 09:22:22.959root 11241100x80000000000000006864103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4c07ad5fd7b9642022-01-05 09:22:22.960root 11241100x80000000000000006864104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe14592130d90072022-01-05 09:22:22.960root 11241100x80000000000000006864105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226510e8eb4ff6a52022-01-05 09:22:22.960root 11241100x80000000000000006864106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9813cae4ad59abc2022-01-05 09:22:23.459root 11241100x80000000000000006864107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f1e3c65c9f47f92022-01-05 09:22:23.459root 11241100x80000000000000006864108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9abd9e3d85856e2022-01-05 09:22:23.459root 11241100x80000000000000006864109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ecc93d256520b62022-01-05 09:22:23.459root 11241100x80000000000000006864110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2a180d93e6afd72022-01-05 09:22:23.459root 11241100x80000000000000006864111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505cb29462391a502022-01-05 09:22:23.459root 11241100x80000000000000006864112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f809cd920a08922022-01-05 09:22:23.959root 11241100x80000000000000006864113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3620469d380e4e2022-01-05 09:22:23.959root 11241100x80000000000000006864114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc31581b55c88cce2022-01-05 09:22:23.959root 11241100x80000000000000006864115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d09929e7523d3f2022-01-05 09:22:23.959root 11241100x80000000000000006864116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726e2fac4e3aec722022-01-05 09:22:23.959root 11241100x80000000000000006864117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22558af3df9fb8bc2022-01-05 09:22:23.959root 11241100x80000000000000006864118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367f0c3364e3c0292022-01-05 09:22:24.459root 11241100x80000000000000006864119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638ffb8c7dc416d02022-01-05 09:22:24.459root 11241100x80000000000000006864120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333bfe721a0385ec2022-01-05 09:22:24.459root 11241100x80000000000000006864121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a144af58fd7e98cc2022-01-05 09:22:24.459root 11241100x80000000000000006864122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928a497b38d43b292022-01-05 09:22:24.459root 11241100x80000000000000006864123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a4570eea63c7d42022-01-05 09:22:24.459root 11241100x80000000000000006864124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a203d825ce5995ab2022-01-05 09:22:24.959root 11241100x80000000000000006864125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ded3d116c436562022-01-05 09:22:24.959root 11241100x80000000000000006864126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c32ced0bbb3a1f52022-01-05 09:22:24.959root 11241100x80000000000000006864127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e424e78875b31242022-01-05 09:22:24.959root 11241100x80000000000000006864128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ff2c0a6ca903432022-01-05 09:22:24.959root 11241100x80000000000000006864129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93a99e543d5ac3b2022-01-05 09:22:24.959root 11241100x80000000000000006864130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ccca89f006b8082022-01-05 09:22:25.459root 11241100x80000000000000006864131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdac697f9c494f22022-01-05 09:22:25.459root 11241100x80000000000000006864132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb9d2c5aed850c02022-01-05 09:22:25.459root 11241100x80000000000000006864133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9ffefda4925f402022-01-05 09:22:25.459root 11241100x80000000000000006864134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f238722e900e19862022-01-05 09:22:25.460root 11241100x80000000000000006864135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563d5dd48dc3d0442022-01-05 09:22:25.460root 11241100x80000000000000006864136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:25.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3b78ce901ef26c2022-01-05 09:22:25.959root 11241100x80000000000000006864137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:25.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a7beaac96e1e702022-01-05 09:22:25.959root 11241100x80000000000000006864138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:25.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf0d09ec8580f022022-01-05 09:22:25.959root 11241100x80000000000000006864139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:25.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f28d758614a0342022-01-05 09:22:25.959root 11241100x80000000000000006864140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:25.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794e12a31d0d20cb2022-01-05 09:22:25.959root 11241100x80000000000000006864141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bd505de94723df2022-01-05 09:22:25.960root 354300x80000000000000006864142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:26.033{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40744-false10.0.1.12-8000- 11241100x80000000000000006864143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c474e3b74c84c582022-01-05 09:22:26.459root 11241100x80000000000000006864144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a1b37844be5ba22022-01-05 09:22:26.460root 11241100x80000000000000006864145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1201efe66f17e832022-01-05 09:22:26.460root 11241100x80000000000000006864146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26660bf44a2952c22022-01-05 09:22:26.460root 11241100x80000000000000006864147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d8296b1023bc8f2022-01-05 09:22:26.460root 11241100x80000000000000006864148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9a6ccd7a57ed822022-01-05 09:22:26.461root 11241100x80000000000000006864149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a589283d37f0002022-01-05 09:22:26.461root 11241100x80000000000000006864150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd87f96270ebb432022-01-05 09:22:26.959root 11241100x80000000000000006864151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d004bf097489792022-01-05 09:22:26.959root 11241100x80000000000000006864152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f843d86e76788ce42022-01-05 09:22:26.960root 11241100x80000000000000006864153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c53b20fc5d0b762022-01-05 09:22:26.960root 11241100x80000000000000006864154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff4d69ee5043c1f2022-01-05 09:22:26.960root 11241100x80000000000000006864155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9365ecea9a0104c72022-01-05 09:22:26.960root 11241100x80000000000000006864156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374f1ff202d688c52022-01-05 09:22:26.960root 11241100x80000000000000006864157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695fb2d6a880931d2022-01-05 09:22:27.459root 11241100x80000000000000006864158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8833bda8158f5d272022-01-05 09:22:27.459root 11241100x80000000000000006864159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0a413d1bb4d1452022-01-05 09:22:27.459root 11241100x80000000000000006864160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1574e480f17379572022-01-05 09:22:27.459root 11241100x80000000000000006864161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204d0ced5f35487c2022-01-05 09:22:27.459root 11241100x80000000000000006864162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896079fe90f3f5f82022-01-05 09:22:27.460root 11241100x80000000000000006864163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7246b89c48b64332022-01-05 09:22:27.460root 11241100x80000000000000006864164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c14428ef85ebf0b2022-01-05 09:22:27.959root 11241100x80000000000000006864165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145d9c7b335540432022-01-05 09:22:27.959root 11241100x80000000000000006864166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d52c7e992eb65612022-01-05 09:22:27.959root 11241100x80000000000000006864167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04da6b1b06a770952022-01-05 09:22:27.959root 11241100x80000000000000006864168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d4d86f8e5a41632022-01-05 09:22:27.960root 11241100x80000000000000006864169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ce8d7811143a932022-01-05 09:22:27.960root 11241100x80000000000000006864170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b3e6b6524037612022-01-05 09:22:27.960root 11241100x80000000000000006864171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948b8f3630fb6ec52022-01-05 09:22:28.459root 11241100x80000000000000006864172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347ce7cda693dab32022-01-05 09:22:28.459root 11241100x80000000000000006864173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a879c8b664118562022-01-05 09:22:28.460root 11241100x80000000000000006864174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40257e8b2a5bd5cd2022-01-05 09:22:28.460root 11241100x80000000000000006864175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd99b841a5ef58952022-01-05 09:22:28.460root 11241100x80000000000000006864176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ee14e0bc6859342022-01-05 09:22:28.460root 11241100x80000000000000006864177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5498bd6917efddb12022-01-05 09:22:28.460root 11241100x80000000000000006864178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0a1e047170d8d62022-01-05 09:22:28.960root 11241100x80000000000000006864179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69f6d8d2ccd824a2022-01-05 09:22:28.960root 11241100x80000000000000006864180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d9f176a6e6e7902022-01-05 09:22:28.961root 11241100x80000000000000006864181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350594b01af9c2642022-01-05 09:22:28.961root 11241100x80000000000000006864182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623d97c4484370582022-01-05 09:22:28.961root 11241100x80000000000000006864183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf772b237ad77192022-01-05 09:22:28.961root 11241100x80000000000000006864184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e4d7388c4efe122022-01-05 09:22:28.961root 11241100x80000000000000006864185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:29.402{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 09:22:29.402root 11241100x80000000000000006864186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:29.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f46a5d90e6d38f2022-01-05 09:22:29.403root 11241100x80000000000000006864187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7d3304c82fae852022-01-05 09:22:29.404root 11241100x80000000000000006864188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d805e3a8b832362022-01-05 09:22:29.404root 11241100x80000000000000006864189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58796318cd4119b2022-01-05 09:22:29.404root 11241100x80000000000000006864190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aca9826747be2602022-01-05 09:22:29.404root 11241100x80000000000000006864191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acf5a5f46c7216f2022-01-05 09:22:29.404root 11241100x80000000000000006864192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e682d02cdc662e2022-01-05 09:22:29.404root 11241100x80000000000000006864193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c2b2c8477bb4d72022-01-05 09:22:29.404root 11241100x80000000000000006864194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:29.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd511d2124f22fc2022-01-05 09:22:29.709root 11241100x80000000000000006864195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820c82b2d45a21112022-01-05 09:22:29.710root 11241100x80000000000000006864196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb8a4b5181ef30f2022-01-05 09:22:29.710root 11241100x80000000000000006864197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671b47f85f679f382022-01-05 09:22:29.710root 11241100x80000000000000006864198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c91ce2eb5b42e932022-01-05 09:22:29.710root 11241100x80000000000000006864199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39aeb0a551d3c5e2022-01-05 09:22:29.710root 11241100x80000000000000006864200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9280b58d85ae3f9a2022-01-05 09:22:29.710root 11241100x80000000000000006864201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf5887f71ce2b6c2022-01-05 09:22:29.710root 11241100x80000000000000006864202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:30.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083f5a8bc782f4ea2022-01-05 09:22:30.209root 11241100x80000000000000006864203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:30.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109b0eff4bf3b6202022-01-05 09:22:30.209root 11241100x80000000000000006864204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20eb46524668b4a22022-01-05 09:22:30.210root 11241100x80000000000000006864205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b45ebd163c64ccf2022-01-05 09:22:30.210root 11241100x80000000000000006864206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4003f9435a30c392022-01-05 09:22:30.210root 11241100x80000000000000006864207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c036dd4284fbad52022-01-05 09:22:30.210root 11241100x80000000000000006864208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ee4cfdfc6b87272022-01-05 09:22:30.210root 11241100x80000000000000006864209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9635b312276971672022-01-05 09:22:30.210root 11241100x80000000000000006864210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00c19163d9184812022-01-05 09:22:30.709root 11241100x80000000000000006864211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349e03f8f67267922022-01-05 09:22:30.710root 11241100x80000000000000006864212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cee8639562c1ba2022-01-05 09:22:30.710root 11241100x80000000000000006864213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7bed4b74b3eb3f2022-01-05 09:22:30.710root 11241100x80000000000000006864214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fe7cd5c383d1522022-01-05 09:22:30.711root 11241100x80000000000000006864215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f11114f0a0f6adc2022-01-05 09:22:30.712root 11241100x80000000000000006864216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb14d638b87389ad2022-01-05 09:22:30.712root 11241100x80000000000000006864217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe91d66954eb8be2022-01-05 09:22:30.712root 354300x80000000000000006864218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.190{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40746-false10.0.1.12-8000- 11241100x80000000000000006864219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.191{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a217a92a200f31882022-01-05 09:22:31.191root 11241100x80000000000000006864220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.191{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ee2ccbda3d91422022-01-05 09:22:31.191root 11241100x80000000000000006864221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.191{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d284af8c79368f2022-01-05 09:22:31.191root 11241100x80000000000000006864222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.191{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d4bd829b7b1b432022-01-05 09:22:31.191root 11241100x80000000000000006864223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.191{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c9895366ce181d2022-01-05 09:22:31.191root 11241100x80000000000000006864224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.191{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f951bd35fd7748de2022-01-05 09:22:31.191root 11241100x80000000000000006864225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.191{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac77288be1085bd2022-01-05 09:22:31.191root 11241100x80000000000000006864226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.192{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99e8bf2b92d4f6c2022-01-05 09:22:31.192root 11241100x80000000000000006864227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.192{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c60cec352094ea52022-01-05 09:22:31.192root 11241100x80000000000000006864228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335a975ec1ad9c482022-01-05 09:22:31.459root 11241100x80000000000000006864229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30389d94968c0a5a2022-01-05 09:22:31.460root 11241100x80000000000000006864230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc60b00dcc87ca4f2022-01-05 09:22:31.460root 11241100x80000000000000006864231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd61308ceb8aac02022-01-05 09:22:31.460root 11241100x80000000000000006864232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3325d82a4cca9262022-01-05 09:22:31.460root 11241100x80000000000000006864233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a398577d74901d082022-01-05 09:22:31.460root 11241100x80000000000000006864234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99225513df34ba5d2022-01-05 09:22:31.460root 11241100x80000000000000006864235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5969fc6f32081b6a2022-01-05 09:22:31.460root 11241100x80000000000000006864236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7ce8f5fd8cc43b2022-01-05 09:22:31.460root 11241100x80000000000000006864237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9004310ade843fe22022-01-05 09:22:31.959root 11241100x80000000000000006864238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4a9aad35fa5b4c2022-01-05 09:22:31.959root 11241100x80000000000000006864239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c784b7374afa55232022-01-05 09:22:31.959root 11241100x80000000000000006864240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022acc42f8cad7942022-01-05 09:22:31.959root 11241100x80000000000000006864241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f10db7dda3ab3a62022-01-05 09:22:31.959root 11241100x80000000000000006864242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4253f6d3d5d150b22022-01-05 09:22:31.960root 11241100x80000000000000006864243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3b9c1527839b3e2022-01-05 09:22:31.960root 11241100x80000000000000006864244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47f65848f0075172022-01-05 09:22:31.960root 11241100x80000000000000006864245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d7d3b0942980e22022-01-05 09:22:31.960root 23542300x80000000000000006864246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.264{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006864247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a56ed5a574f3bf2022-01-05 09:22:32.266root 11241100x80000000000000006864248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23d35a01f481a6f2022-01-05 09:22:32.266root 11241100x80000000000000006864249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c071be73dcccae92022-01-05 09:22:32.266root 11241100x80000000000000006864250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5b46dcae50c6982022-01-05 09:22:32.266root 11241100x80000000000000006864251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4154ad012c315b2022-01-05 09:22:32.266root 11241100x80000000000000006864252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6606e6b1897e5e082022-01-05 09:22:32.266root 11241100x80000000000000006864253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc2266ba92f5cb62022-01-05 09:22:32.266root 11241100x80000000000000006864254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b8fdcd990385f52022-01-05 09:22:32.266root 11241100x80000000000000006864255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65f3bf6f3d7c4ea2022-01-05 09:22:32.266root 11241100x80000000000000006864256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e06fbdf8b88f4242022-01-05 09:22:32.266root 11241100x80000000000000006864257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10045fe97b414d3c2022-01-05 09:22:32.709root 11241100x80000000000000006864258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71dc38c449681e92022-01-05 09:22:32.709root 11241100x80000000000000006864259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad92d1d44ff8dcc2022-01-05 09:22:32.709root 11241100x80000000000000006864260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df62b893ca98c7272022-01-05 09:22:32.709root 11241100x80000000000000006864261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6e4ceab5514d802022-01-05 09:22:32.710root 11241100x80000000000000006864262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745447e1466d8dfa2022-01-05 09:22:32.710root 11241100x80000000000000006864263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890683b40ea486762022-01-05 09:22:32.710root 11241100x80000000000000006864264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1e2281df2d32952022-01-05 09:22:32.710root 11241100x80000000000000006864265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf1b13d23d4720b2022-01-05 09:22:32.710root 11241100x80000000000000006864266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4878a22ea89f9052022-01-05 09:22:32.710root 11241100x80000000000000006864267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9dc933e7de26342022-01-05 09:22:33.209root 11241100x80000000000000006864268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae60a8392cf740f2022-01-05 09:22:33.209root 11241100x80000000000000006864269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38761d606621e5a2022-01-05 09:22:33.209root 11241100x80000000000000006864270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5cde760cc334392022-01-05 09:22:33.210root 11241100x80000000000000006864271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84c58806180c6212022-01-05 09:22:33.210root 11241100x80000000000000006864272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c96135ebb76dc442022-01-05 09:22:33.210root 11241100x80000000000000006864273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe8ca53833ff77b2022-01-05 09:22:33.210root 11241100x80000000000000006864274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51d820f90dd79f72022-01-05 09:22:33.210root 11241100x80000000000000006864275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34aa71371437e4fa2022-01-05 09:22:33.210root 11241100x80000000000000006864276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b405e887f62d4ae2022-01-05 09:22:33.210root 354300x80000000000000006864277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.452{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-41228-false10.0.1.12-8089- 11241100x80000000000000006864278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27aa35d822bde9f2022-01-05 09:22:33.709root 11241100x80000000000000006864279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf207ed488c219d92022-01-05 09:22:33.709root 11241100x80000000000000006864280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0948eafbdfe346232022-01-05 09:22:33.709root 11241100x80000000000000006864281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b978e7c6dd3f21e2022-01-05 09:22:33.710root 11241100x80000000000000006864282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0910be15d40db8302022-01-05 09:22:33.710root 11241100x80000000000000006864283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16627b8a67eb4c742022-01-05 09:22:33.710root 11241100x80000000000000006864284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de25f88120273092022-01-05 09:22:33.710root 11241100x80000000000000006864285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500edd2aa3b738122022-01-05 09:22:33.710root 11241100x80000000000000006864286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3932548633ce242022-01-05 09:22:33.710root 11241100x80000000000000006864287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2050fbf7e74c033c2022-01-05 09:22:33.710root 11241100x80000000000000006864288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ceb639da945b9a2022-01-05 09:22:33.710root 11241100x80000000000000006864289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124e02de4ccef79d2022-01-05 09:22:34.209root 11241100x80000000000000006864290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604258de732cf5472022-01-05 09:22:34.209root 11241100x80000000000000006864291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16e8eced60ccb572022-01-05 09:22:34.210root 11241100x80000000000000006864292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5beba8324b1a3b3c2022-01-05 09:22:34.210root 11241100x80000000000000006864293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35a35d1ddfe25672022-01-05 09:22:34.210root 11241100x80000000000000006864294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5d1d3d37a5e09a2022-01-05 09:22:34.210root 11241100x80000000000000006864295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deea7ce44e778e002022-01-05 09:22:34.210root 11241100x80000000000000006864296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5c0b0577e16f322022-01-05 09:22:34.210root 11241100x80000000000000006864297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fa2bb5dcbdb60f2022-01-05 09:22:34.210root 11241100x80000000000000006864298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a557e7a3f078cdb2022-01-05 09:22:34.210root 11241100x80000000000000006864299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c851e43980e73852022-01-05 09:22:34.210root 11241100x80000000000000006864300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c504e76c7f2f1e12022-01-05 09:22:34.709root 11241100x80000000000000006864301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86edfb849ff5cc232022-01-05 09:22:34.709root 11241100x80000000000000006864302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a133a1c286a9bf2022-01-05 09:22:34.709root 11241100x80000000000000006864303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da9c98ac91e100f2022-01-05 09:22:34.710root 11241100x80000000000000006864304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523618544f41cfe22022-01-05 09:22:34.710root 11241100x80000000000000006864305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb3b89f4655c2222022-01-05 09:22:34.710root 11241100x80000000000000006864306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5fc04f7fca08d42022-01-05 09:22:34.710root 11241100x80000000000000006864307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2cb48f0c9569952022-01-05 09:22:34.710root 11241100x80000000000000006864308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf62736c03f1e4252022-01-05 09:22:34.710root 11241100x80000000000000006864309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19d24fcd19899f62022-01-05 09:22:34.710root 11241100x80000000000000006864310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604cb68dd32c02552022-01-05 09:22:34.710root 11241100x80000000000000006864311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4803ff9e5f1edf1c2022-01-05 09:22:35.209root 11241100x80000000000000006864312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52f7db73c65e6172022-01-05 09:22:35.209root 11241100x80000000000000006864313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f265fa01a33261ba2022-01-05 09:22:35.209root 11241100x80000000000000006864314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aff04e13a1416c82022-01-05 09:22:35.210root 11241100x80000000000000006864315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164ae0f5350aae842022-01-05 09:22:35.210root 11241100x80000000000000006864316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3982d1313cc9ea172022-01-05 09:22:35.210root 11241100x80000000000000006864317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfa728c8ed31b5b2022-01-05 09:22:35.210root 11241100x80000000000000006864318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab90e6fa06359a1b2022-01-05 09:22:35.210root 11241100x80000000000000006864319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644d49c0b0bdbc982022-01-05 09:22:35.210root 11241100x80000000000000006864320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d302589f45b388092022-01-05 09:22:35.210root 11241100x80000000000000006864321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dc2590b53d10182022-01-05 09:22:35.210root 11241100x80000000000000006864322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00e921f86185e222022-01-05 09:22:35.709root 11241100x80000000000000006864323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631cdb4342b0f0432022-01-05 09:22:35.709root 11241100x80000000000000006864324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327dfd31a71d15682022-01-05 09:22:35.709root 11241100x80000000000000006864325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f154044b2d0c77f2022-01-05 09:22:35.710root 11241100x80000000000000006864326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd3876d8338dd462022-01-05 09:22:35.710root 11241100x80000000000000006864327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d5da5a3f4a68ca2022-01-05 09:22:35.710root 11241100x80000000000000006864328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f657e1e459bde612022-01-05 09:22:35.710root 11241100x80000000000000006864329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d513c6b339a4dc2022-01-05 09:22:35.710root 11241100x80000000000000006864330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0e3903adf15ea62022-01-05 09:22:35.710root 11241100x80000000000000006864331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ecea5f961670bd2022-01-05 09:22:35.710root 11241100x80000000000000006864332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9578bbaf5fc43742022-01-05 09:22:35.710root 534500x80000000000000006864333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.065{00000000-0000-0000-0000-000000000000}17252<unknown process>root 11241100x80000000000000006864334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bc3512445e410d2022-01-05 09:22:36.065root 11241100x80000000000000006864335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378adefcd7cb3a172022-01-05 09:22:36.065root 11241100x80000000000000006864336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1dc29ad2965ec72022-01-05 09:22:36.066root 11241100x80000000000000006864337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b38e47ed81c1fe2022-01-05 09:22:36.066root 11241100x80000000000000006864338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0500132a2438c6372022-01-05 09:22:36.066root 11241100x80000000000000006864339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1853b382859817922022-01-05 09:22:36.066root 11241100x80000000000000006864340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c020e6a368dd7302022-01-05 09:22:36.066root 11241100x80000000000000006864341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bd537b3e7390272022-01-05 09:22:36.066root 11241100x80000000000000006864342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d489db809446b8692022-01-05 09:22:36.066root 11241100x80000000000000006864343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c1bcb412cb52522022-01-05 09:22:36.066root 11241100x80000000000000006864344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad19c150b6e023462022-01-05 09:22:36.066root 11241100x80000000000000006864345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efba3d12487020de2022-01-05 09:22:36.066root 11241100x80000000000000006864346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f80aa13400b23102022-01-05 09:22:36.459root 11241100x80000000000000006864347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6b169a1f378a082022-01-05 09:22:36.459root 11241100x80000000000000006864348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e6e071fca524672022-01-05 09:22:36.460root 11241100x80000000000000006864349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c043778711d35492022-01-05 09:22:36.460root 11241100x80000000000000006864350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca1f5686a40909e2022-01-05 09:22:36.460root 11241100x80000000000000006864351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af5eed09e580eb42022-01-05 09:22:36.460root 11241100x80000000000000006864352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287a45c9fb707ca72022-01-05 09:22:36.460root 11241100x80000000000000006864353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3d8913c24e26182022-01-05 09:22:36.460root 11241100x80000000000000006864354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765e819b42320a9d2022-01-05 09:22:36.460root 11241100x80000000000000006864355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68d14fad6485c822022-01-05 09:22:36.460root 11241100x80000000000000006864356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b337933fff10295f2022-01-05 09:22:36.460root 11241100x80000000000000006864357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd3e6506520733d2022-01-05 09:22:36.460root 11241100x80000000000000006864358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4065900b61ea8232022-01-05 09:22:36.959root 11241100x80000000000000006864359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2dd117a49dd07c2022-01-05 09:22:36.959root 11241100x80000000000000006864360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c82a91e4ff1c2cf2022-01-05 09:22:36.960root 11241100x80000000000000006864361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc23e05d111d7fd2022-01-05 09:22:36.960root 11241100x80000000000000006864362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403ebb6d7a8802ed2022-01-05 09:22:36.960root 11241100x80000000000000006864363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deeef37de3edb9862022-01-05 09:22:36.960root 11241100x80000000000000006864364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a4a1f2a21dc7242022-01-05 09:22:36.960root 11241100x80000000000000006864365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a03d8e09069b7a2022-01-05 09:22:36.960root 11241100x80000000000000006864366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839d944a1980d4262022-01-05 09:22:36.960root 11241100x80000000000000006864367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac81b2c519d523e72022-01-05 09:22:36.960root 11241100x80000000000000006864368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8aa0bdc7e7f6802022-01-05 09:22:36.960root 11241100x80000000000000006864369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc1569d1a7e995f2022-01-05 09:22:36.960root 354300x80000000000000006864370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.102{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40750-false10.0.1.12-8000- 11241100x80000000000000006864371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2330e5b273147c842022-01-05 09:22:37.459root 11241100x80000000000000006864372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781d62b39aeec2b72022-01-05 09:22:37.459root 11241100x80000000000000006864373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22802d285e6c1f0c2022-01-05 09:22:37.460root 11241100x80000000000000006864374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637595774bfacc6d2022-01-05 09:22:37.460root 11241100x80000000000000006864375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824376a7c4df035a2022-01-05 09:22:37.460root 11241100x80000000000000006864376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7ab1fc6ae4ed4d2022-01-05 09:22:37.460root 11241100x80000000000000006864377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46c5eea85841bc82022-01-05 09:22:37.460root 11241100x80000000000000006864378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a00fa654c904922022-01-05 09:22:37.460root 11241100x80000000000000006864379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da2db69ff183b652022-01-05 09:22:37.460root 11241100x80000000000000006864380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95771a2a13d132e2022-01-05 09:22:37.460root 11241100x80000000000000006864381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac30c4c2ca55423e2022-01-05 09:22:37.460root 11241100x80000000000000006864382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9019c07c67aff05c2022-01-05 09:22:37.460root 11241100x80000000000000006864383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b56248d0446ceac2022-01-05 09:22:37.460root 11241100x80000000000000006864384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee2cfe6c030b7d32022-01-05 09:22:37.959root 11241100x80000000000000006864385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a46b45c90fe65352022-01-05 09:22:37.959root 11241100x80000000000000006864386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bae0adb0878e372022-01-05 09:22:37.960root 11241100x80000000000000006864387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f566de3b36553dd92022-01-05 09:22:37.960root 11241100x80000000000000006864388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8182a5fb123dd2a42022-01-05 09:22:37.960root 11241100x80000000000000006864389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab24957b0e8c5ce72022-01-05 09:22:37.960root 11241100x80000000000000006864390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8d44e0578d372a2022-01-05 09:22:37.960root 11241100x80000000000000006864391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289322b18e0a2ed52022-01-05 09:22:37.960root 11241100x80000000000000006864392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6342e0c95eb1db2022-01-05 09:22:37.960root 11241100x80000000000000006864393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4329a0f5f9ff1bf2022-01-05 09:22:37.960root 11241100x80000000000000006864394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43044992c72efef12022-01-05 09:22:37.960root 11241100x80000000000000006864395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc42c72c08ad3512022-01-05 09:22:37.960root 11241100x80000000000000006864396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e3e7c0518aa0762022-01-05 09:22:37.960root 11241100x80000000000000006864397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddde83da80e7fadf2022-01-05 09:22:38.459root 11241100x80000000000000006864398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40cee6940c089632022-01-05 09:22:38.459root 11241100x80000000000000006864399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1af1ebf785808c92022-01-05 09:22:38.460root 11241100x80000000000000006864400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba73f1d2c5986412022-01-05 09:22:38.460root 11241100x80000000000000006864401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fded5886b8ff632022-01-05 09:22:38.460root 11241100x80000000000000006864402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bed6b24a17d41392022-01-05 09:22:38.460root 11241100x80000000000000006864403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1771a3013ab7112022-01-05 09:22:38.460root 11241100x80000000000000006864404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9781faf408ffc6692022-01-05 09:22:38.460root 11241100x80000000000000006864405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f470501b5cbd34f52022-01-05 09:22:38.460root 11241100x80000000000000006864406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ea2edb732bbb492022-01-05 09:22:38.460root 11241100x80000000000000006864407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ab650a237ecc122022-01-05 09:22:38.460root 11241100x80000000000000006864408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835be89e8430076d2022-01-05 09:22:38.460root 11241100x80000000000000006864409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b272c998d17df722022-01-05 09:22:38.460root 11241100x80000000000000006864410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa259a1c3937dc2e2022-01-05 09:22:38.959root 11241100x80000000000000006864411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040cbf03a3b092e82022-01-05 09:22:38.959root 11241100x80000000000000006864412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead771f7b8c6467b2022-01-05 09:22:38.960root 11241100x80000000000000006864413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8911c91ce2e4b832022-01-05 09:22:38.960root 11241100x80000000000000006864414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63e70a2bdb9982f2022-01-05 09:22:38.960root 11241100x80000000000000006864415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7caa2afa74e4c1be2022-01-05 09:22:38.960root 11241100x80000000000000006864416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1806d1e8cb3bb3c2022-01-05 09:22:38.960root 11241100x80000000000000006864417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae8e8708b9a203e2022-01-05 09:22:38.960root 11241100x80000000000000006864418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2bdf793e1bdda22022-01-05 09:22:38.960root 11241100x80000000000000006864419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9109740713036a532022-01-05 09:22:38.960root 11241100x80000000000000006864420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03f7fff190ae0412022-01-05 09:22:38.960root 11241100x80000000000000006864421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c236c5c11c076b2022-01-05 09:22:38.960root 11241100x80000000000000006864422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a965f09ae6f169c2022-01-05 09:22:38.960root 11241100x80000000000000006864423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55378b27c69c09f72022-01-05 09:22:39.459root 11241100x80000000000000006864424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3502d4cb3d4ac9e2022-01-05 09:22:39.459root 11241100x80000000000000006864425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5838da70ada88f02022-01-05 09:22:39.460root 11241100x80000000000000006864426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b9d54b4dc323742022-01-05 09:22:39.460root 11241100x80000000000000006864427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2a943ef6073d422022-01-05 09:22:39.460root 11241100x80000000000000006864428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a6a42864de9e332022-01-05 09:22:39.460root 11241100x80000000000000006864429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a034489097a1112022-01-05 09:22:39.460root 11241100x80000000000000006864430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cf9372acffe2342022-01-05 09:22:39.460root 11241100x80000000000000006864431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701ac8fae5b28da62022-01-05 09:22:39.460root 11241100x80000000000000006864432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975e4d2325bd9f6d2022-01-05 09:22:39.460root 11241100x80000000000000006864433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f745d39fdb6ea75e2022-01-05 09:22:39.461root 11241100x80000000000000006864434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a5e4eaf3b680ef2022-01-05 09:22:39.461root 11241100x80000000000000006864435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a022d0f8ac19282022-01-05 09:22:39.461root 11241100x80000000000000006864436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3644d33c14e2b9562022-01-05 09:22:39.959root 11241100x80000000000000006864437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbad0ef0cd3c4462022-01-05 09:22:39.960root 11241100x80000000000000006864438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcec28bbe4e0e092022-01-05 09:22:39.960root 11241100x80000000000000006864439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4fe924d82f49952022-01-05 09:22:39.960root 11241100x80000000000000006864440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b20f40f8b686b42022-01-05 09:22:39.960root 11241100x80000000000000006864441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846048639fedbb7a2022-01-05 09:22:39.961root 11241100x80000000000000006864442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466fd70cb492198f2022-01-05 09:22:39.961root 11241100x80000000000000006864443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9e1774788c72762022-01-05 09:22:39.961root 11241100x80000000000000006864444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b45d0a9617c43b2022-01-05 09:22:39.961root 11241100x80000000000000006864445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25e52305975671d2022-01-05 09:22:39.961root 11241100x80000000000000006864446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ebe29e8c4d1ec12022-01-05 09:22:39.961root 11241100x80000000000000006864447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adca6dfa1d4e6732022-01-05 09:22:39.962root 11241100x80000000000000006864448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:39.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb03c427caba7ef2022-01-05 09:22:39.962root 11241100x80000000000000006864449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724f409579ca71082022-01-05 09:22:40.459root 11241100x80000000000000006864450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f5f13be98466352022-01-05 09:22:40.459root 11241100x80000000000000006864451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cce3c82d6086022022-01-05 09:22:40.459root 11241100x80000000000000006864452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719eea49c128c8672022-01-05 09:22:40.460root 11241100x80000000000000006864453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f867a363a90b22f52022-01-05 09:22:40.460root 11241100x80000000000000006864454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb4c73089bdaa02b2022-01-05 09:22:40.460root 11241100x80000000000000006864455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d27e5391f948caf2022-01-05 09:22:40.460root 11241100x80000000000000006864456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347968a448eb96942022-01-05 09:22:40.460root 11241100x80000000000000006864457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d175e54c516b782022-01-05 09:22:40.460root 11241100x80000000000000006864458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a675ba9489ebd2552022-01-05 09:22:40.460root 11241100x80000000000000006864459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185cd6b5295071952022-01-05 09:22:40.460root 11241100x80000000000000006864460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b615cd51fec2452022-01-05 09:22:40.460root 11241100x80000000000000006864461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a03ec13d2952c02022-01-05 09:22:40.461root 11241100x80000000000000006864462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a24c4fb344a86d2022-01-05 09:22:40.959root 11241100x80000000000000006864463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cddca414a883f52022-01-05 09:22:40.960root 11241100x80000000000000006864464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa1708785496d442022-01-05 09:22:40.960root 11241100x80000000000000006864465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc20baf24d08c45a2022-01-05 09:22:40.960root 11241100x80000000000000006864466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f987f12588f89d2022-01-05 09:22:40.960root 11241100x80000000000000006864467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7657a6faa8ef9b602022-01-05 09:22:40.960root 11241100x80000000000000006864468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f82638e2d0480c2022-01-05 09:22:40.960root 11241100x80000000000000006864469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502f1e2c6aceff362022-01-05 09:22:40.960root 11241100x80000000000000006864470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501ea1cb4656810d2022-01-05 09:22:40.960root 11241100x80000000000000006864471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe29cfc45c411aa2022-01-05 09:22:40.960root 11241100x80000000000000006864472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9135a13990b684d2022-01-05 09:22:40.960root 11241100x80000000000000006864473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b20436ba283a392022-01-05 09:22:40.960root 11241100x80000000000000006864474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9b23d5adb9d27d2022-01-05 09:22:40.960root 11241100x80000000000000006864475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5598f6063e171a752022-01-05 09:22:41.459root 11241100x80000000000000006864476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7f432dc1be04562022-01-05 09:22:41.460root 11241100x80000000000000006864477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf29821ff237f2f2022-01-05 09:22:41.460root 11241100x80000000000000006864478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e70b173b79e1632022-01-05 09:22:41.460root 11241100x80000000000000006864479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8c547812c0c62e2022-01-05 09:22:41.460root 11241100x80000000000000006864480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ccb49aaa1ad7582022-01-05 09:22:41.460root 11241100x80000000000000006864481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d683452212d0e6e2022-01-05 09:22:41.460root 11241100x80000000000000006864482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128a7d3199fa35122022-01-05 09:22:41.460root 11241100x80000000000000006864483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a695e09902b2112022-01-05 09:22:41.460root 11241100x80000000000000006864484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59b5d5034206c772022-01-05 09:22:41.460root 11241100x80000000000000006864485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0bd8e39de00e8f2022-01-05 09:22:41.461root 11241100x80000000000000006864486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7181971b65d917732022-01-05 09:22:41.461root 11241100x80000000000000006864487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373a99389d1ae48e2022-01-05 09:22:41.461root 11241100x80000000000000006864488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db284b2b331a3ff2022-01-05 09:22:41.959root 11241100x80000000000000006864489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b7b9da133d1d7e2022-01-05 09:22:41.959root 11241100x80000000000000006864490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c581ca707d73fbc2022-01-05 09:22:41.960root 11241100x80000000000000006864491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb67878906e09c342022-01-05 09:22:41.960root 11241100x80000000000000006864492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b831008a085cad62022-01-05 09:22:41.960root 11241100x80000000000000006864493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b10feddc6afb6472022-01-05 09:22:41.960root 11241100x80000000000000006864494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36d5b2eba4316b92022-01-05 09:22:41.960root 11241100x80000000000000006864495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0a06a4606623122022-01-05 09:22:41.960root 11241100x80000000000000006864496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5da6593b164f1d2022-01-05 09:22:41.960root 11241100x80000000000000006864497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5959d0a9da2168e32022-01-05 09:22:41.960root 11241100x80000000000000006864498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05a8337e12f0a362022-01-05 09:22:41.960root 11241100x80000000000000006864499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0c2d72928404aa2022-01-05 09:22:41.960root 11241100x80000000000000006864500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:41.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5411a7b47ddf08492022-01-05 09:22:41.961root 354300x80000000000000006864501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.151{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40752-false10.0.1.12-8000- 11241100x80000000000000006864502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6bfd6e8a4f3f312022-01-05 09:22:42.459root 11241100x80000000000000006864503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10222e448f9e8c9f2022-01-05 09:22:42.459root 11241100x80000000000000006864504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d219719a93a1eba2022-01-05 09:22:42.460root 11241100x80000000000000006864505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae34c0f78884dbf42022-01-05 09:22:42.460root 11241100x80000000000000006864506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db64675e4de76122022-01-05 09:22:42.460root 11241100x80000000000000006864507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46e44bd051cf25f2022-01-05 09:22:42.460root 11241100x80000000000000006864508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a8170890685cee2022-01-05 09:22:42.460root 11241100x80000000000000006864509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a88eefbbeeb7272022-01-05 09:22:42.460root 11241100x80000000000000006864510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be542880861e771a2022-01-05 09:22:42.460root 11241100x80000000000000006864511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f209269505a2104b2022-01-05 09:22:42.460root 11241100x80000000000000006864512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa76dde48661ab272022-01-05 09:22:42.460root 11241100x80000000000000006864513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bba62de9642d5d2022-01-05 09:22:42.460root 11241100x80000000000000006864514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7024d974d5560f2022-01-05 09:22:42.461root 11241100x80000000000000006864515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ffe246f780caf72022-01-05 09:22:42.461root 11241100x80000000000000006864516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b4262c475ddbf22022-01-05 09:22:42.959root 11241100x80000000000000006864517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae3feb2edd568052022-01-05 09:22:42.959root 11241100x80000000000000006864518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5819ddf58c1cc1a92022-01-05 09:22:42.959root 11241100x80000000000000006864519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c6a57f279f96f62022-01-05 09:22:42.960root 11241100x80000000000000006864520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a7b9f3dd1ab74f2022-01-05 09:22:42.960root 11241100x80000000000000006864521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246f40ea6d56fa4b2022-01-05 09:22:42.960root 11241100x80000000000000006864522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1a1792392dbe802022-01-05 09:22:42.960root 11241100x80000000000000006864523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db410452be150702022-01-05 09:22:42.960root 11241100x80000000000000006864524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96459ace8ecab0532022-01-05 09:22:42.960root 11241100x80000000000000006864525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be5b9994b4a80452022-01-05 09:22:42.960root 11241100x80000000000000006864526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05525c458a8c69b2022-01-05 09:22:42.960root 11241100x80000000000000006864527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c938f6d907e9d602022-01-05 09:22:42.960root 11241100x80000000000000006864528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94073031841e4a6c2022-01-05 09:22:42.960root 11241100x80000000000000006864529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a6d0c45902793f2022-01-05 09:22:42.960root 11241100x80000000000000006864530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cc295576acf2652022-01-05 09:22:43.459root 11241100x80000000000000006864531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a27fc736731cd482022-01-05 09:22:43.459root 11241100x80000000000000006864532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaca67b0f7da245d2022-01-05 09:22:43.459root 11241100x80000000000000006864533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f78ab225ee5217f2022-01-05 09:22:43.459root 11241100x80000000000000006864534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbf3488a8c553402022-01-05 09:22:43.459root 11241100x80000000000000006864535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818b1865cca41f992022-01-05 09:22:43.460root 11241100x80000000000000006864536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa847d3fa5bdb522022-01-05 09:22:43.460root 11241100x80000000000000006864537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1f30c7a33b4d7a2022-01-05 09:22:43.460root 11241100x80000000000000006864538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a570d3ea4124420c2022-01-05 09:22:43.460root 11241100x80000000000000006864539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d16342e10e5c902022-01-05 09:22:43.460root 11241100x80000000000000006864540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0444b4dfe62a8d2022-01-05 09:22:43.460root 11241100x80000000000000006864541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb430d3e07171cd52022-01-05 09:22:43.460root 11241100x80000000000000006864542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f6887ef77521b62022-01-05 09:22:43.460root 11241100x80000000000000006864543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5a99cbebbd76142022-01-05 09:22:43.460root 11241100x80000000000000006864544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e78ef7bb69882162022-01-05 09:22:43.959root 11241100x80000000000000006864545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b003ca80b3fc3c82022-01-05 09:22:43.959root 11241100x80000000000000006864546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8930d64acabceb2022-01-05 09:22:43.959root 11241100x80000000000000006864547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d05bfc8ba5607f2022-01-05 09:22:43.960root 11241100x80000000000000006864548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8348efb3994ae32022-01-05 09:22:43.960root 11241100x80000000000000006864549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140929faae9517bb2022-01-05 09:22:43.960root 11241100x80000000000000006864550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51703a4a30f6e2242022-01-05 09:22:43.960root 11241100x80000000000000006864551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b843f71e0614582022-01-05 09:22:43.960root 11241100x80000000000000006864552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e591c1c2c27a9f6f2022-01-05 09:22:43.960root 11241100x80000000000000006864553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc151d9b377c9c22022-01-05 09:22:43.960root 11241100x80000000000000006864554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13aeb77d1e6b69f92022-01-05 09:22:43.960root 11241100x80000000000000006864555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9405746225ff97c2022-01-05 09:22:43.960root 11241100x80000000000000006864556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a491012fe34afe2022-01-05 09:22:43.960root 11241100x80000000000000006864557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bebe0c15bbc39c2022-01-05 09:22:43.960root 11241100x80000000000000006864558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a69ccd9f76024c92022-01-05 09:22:44.460root 11241100x80000000000000006864559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf16f8ed0c1d22d2022-01-05 09:22:44.460root 11241100x80000000000000006864560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829c02809488e7272022-01-05 09:22:44.460root 11241100x80000000000000006864561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534079554056f3862022-01-05 09:22:44.460root 11241100x80000000000000006864562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c653f7159c2c99272022-01-05 09:22:44.460root 11241100x80000000000000006864563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056ebe4e826965b92022-01-05 09:22:44.460root 11241100x80000000000000006864564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d094e9b1362f8a7d2022-01-05 09:22:44.460root 11241100x80000000000000006864565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fe65f905f6c5d12022-01-05 09:22:44.461root 11241100x80000000000000006864566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d92c118c7dc22c2022-01-05 09:22:44.461root 11241100x80000000000000006864567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0958e79b8576a3742022-01-05 09:22:44.461root 11241100x80000000000000006864568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beee638ae276f8d62022-01-05 09:22:44.461root 11241100x80000000000000006864569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc20365afd840772022-01-05 09:22:44.461root 11241100x80000000000000006864570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7181965450004a1b2022-01-05 09:22:44.462root 11241100x80000000000000006864571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6015d088889587552022-01-05 09:22:44.462root 11241100x80000000000000006864572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bdee28e5556eec2022-01-05 09:22:44.959root 11241100x80000000000000006864573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ef84a60a0780a12022-01-05 09:22:44.960root 11241100x80000000000000006864574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8152e6598f9da0e62022-01-05 09:22:44.960root 11241100x80000000000000006864575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f110175f415140dd2022-01-05 09:22:44.960root 11241100x80000000000000006864576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300e80baff0a2e2f2022-01-05 09:22:44.960root 11241100x80000000000000006864577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de9e931eafece612022-01-05 09:22:44.960root 11241100x80000000000000006864578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7d5a06f2495acb2022-01-05 09:22:44.960root 11241100x80000000000000006864579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c03e7e1574bee962022-01-05 09:22:44.960root 11241100x80000000000000006864580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7795cad26d1b772022-01-05 09:22:44.960root 11241100x80000000000000006864581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71552660d5a6f2c2022-01-05 09:22:44.960root 11241100x80000000000000006864582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953d1cf39f1427612022-01-05 09:22:44.960root 11241100x80000000000000006864583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116848f73f17ba342022-01-05 09:22:44.960root 11241100x80000000000000006864584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9f1e58f43fa7572022-01-05 09:22:44.960root 11241100x80000000000000006864585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669fb0ec434e9bd72022-01-05 09:22:44.960root 11241100x80000000000000006864586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4949c44e394ccf022022-01-05 09:22:45.459root 11241100x80000000000000006864587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb35bc5a46d30ddb2022-01-05 09:22:45.460root 11241100x80000000000000006864588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc101bf63bfd2042022-01-05 09:22:45.460root 11241100x80000000000000006864589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6eed5eedac1776f2022-01-05 09:22:45.460root 11241100x80000000000000006864590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea432caacba73a82022-01-05 09:22:45.460root 11241100x80000000000000006864591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3222a48de5579f2022-01-05 09:22:45.460root 11241100x80000000000000006864592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3deabc91edf2173e2022-01-05 09:22:45.460root 11241100x80000000000000006864593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5a87b97e1c76742022-01-05 09:22:45.460root 11241100x80000000000000006864594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47d1b933b4fb8542022-01-05 09:22:45.460root 11241100x80000000000000006864595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d62a92cc942d292022-01-05 09:22:45.460root 11241100x80000000000000006864596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbbb1fe91925e3b2022-01-05 09:22:45.460root 11241100x80000000000000006864597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505e5ef7247b48002022-01-05 09:22:45.460root 11241100x80000000000000006864598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4432840f7a85212022-01-05 09:22:45.460root 11241100x80000000000000006864599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9347df1dc99e0922022-01-05 09:22:45.460root 11241100x80000000000000006864600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8442e6b256900ae2022-01-05 09:22:45.959root 11241100x80000000000000006864601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3539ba8b7b6b49782022-01-05 09:22:45.960root 11241100x80000000000000006864602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354fad97b10c2aae2022-01-05 09:22:45.960root 11241100x80000000000000006864603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2520e6cabe53a8182022-01-05 09:22:45.960root 11241100x80000000000000006864604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c71fd7869d82e32022-01-05 09:22:45.960root 11241100x80000000000000006864605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859205bb8ccdf5a92022-01-05 09:22:45.960root 11241100x80000000000000006864606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01cf6433978e7fe2022-01-05 09:22:45.960root 11241100x80000000000000006864607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48ce34e392664a62022-01-05 09:22:45.960root 11241100x80000000000000006864608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9fdca41bb7920e2022-01-05 09:22:45.960root 11241100x80000000000000006864609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f46335f683efd0e2022-01-05 09:22:45.960root 11241100x80000000000000006864610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89379df04792d0282022-01-05 09:22:45.960root 11241100x80000000000000006864611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e042c62a64841d2022-01-05 09:22:45.960root 11241100x80000000000000006864612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d60d4894a98d762022-01-05 09:22:45.960root 11241100x80000000000000006864613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c2fe20afd27ccb2022-01-05 09:22:45.961root 11241100x80000000000000006864614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0945e793de7b65d82022-01-05 09:22:46.459root 11241100x80000000000000006864615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458d02489770a21a2022-01-05 09:22:46.459root 11241100x80000000000000006864616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418bacd66504f9322022-01-05 09:22:46.460root 11241100x80000000000000006864617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2765b8fd334fd5ad2022-01-05 09:22:46.460root 11241100x80000000000000006864618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c453f89386ede11f2022-01-05 09:22:46.460root 11241100x80000000000000006864619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac56b584831f4c452022-01-05 09:22:46.460root 11241100x80000000000000006864620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3e6973c1f3baa22022-01-05 09:22:46.460root 11241100x80000000000000006864621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549fa955b84e73822022-01-05 09:22:46.460root 11241100x80000000000000006864622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ad7ec3b52a083e2022-01-05 09:22:46.460root 11241100x80000000000000006864623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1399cc2628c99f272022-01-05 09:22:46.460root 11241100x80000000000000006864624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901daf066740014e2022-01-05 09:22:46.460root 11241100x80000000000000006864625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d677f31ce35beec2022-01-05 09:22:46.460root 11241100x80000000000000006864626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e73f79dd2312bb02022-01-05 09:22:46.460root 11241100x80000000000000006864627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5d14c21122e4332022-01-05 09:22:46.460root 11241100x80000000000000006864628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24557b1186e454ec2022-01-05 09:22:46.959root 11241100x80000000000000006864629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7aaa899ca8638af2022-01-05 09:22:46.960root 11241100x80000000000000006864630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31071221a71d2e9b2022-01-05 09:22:46.960root 11241100x80000000000000006864631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4aca5e861310892022-01-05 09:22:46.960root 11241100x80000000000000006864632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1feee2120596ed2022-01-05 09:22:46.960root 11241100x80000000000000006864633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f7af25336671162022-01-05 09:22:46.960root 11241100x80000000000000006864634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc94a2fff39f9cc2022-01-05 09:22:46.960root 11241100x80000000000000006864635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be898ff577b35a122022-01-05 09:22:46.960root 11241100x80000000000000006864636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2effbf4a48c1a2362022-01-05 09:22:46.960root 11241100x80000000000000006864637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a08f8725dde8fd2022-01-05 09:22:46.960root 11241100x80000000000000006864638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab6a89dee8bb8082022-01-05 09:22:46.961root 11241100x80000000000000006864639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa9084e64fe3c812022-01-05 09:22:46.961root 11241100x80000000000000006864640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71eca42365a381e12022-01-05 09:22:46.961root 11241100x80000000000000006864641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4cc243cad488722022-01-05 09:22:46.961root 11241100x80000000000000006864642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299838cdd1397d292022-01-05 09:22:47.459root 11241100x80000000000000006864643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb180ed80bc6b5172022-01-05 09:22:47.459root 11241100x80000000000000006864644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed5dca26a5a451c2022-01-05 09:22:47.460root 11241100x80000000000000006864645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1e79c95b0dca5b2022-01-05 09:22:47.460root 11241100x80000000000000006864646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8aba8279877c83c2022-01-05 09:22:47.460root 11241100x80000000000000006864647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80911dcfdeb3ac142022-01-05 09:22:47.460root 11241100x80000000000000006864648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596d6784c950b2f72022-01-05 09:22:47.460root 11241100x80000000000000006864649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9efc2b23f188b62022-01-05 09:22:47.460root 11241100x80000000000000006864650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce124931d7d2a9612022-01-05 09:22:47.460root 11241100x80000000000000006864651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db9d2d96a5992172022-01-05 09:22:47.460root 11241100x80000000000000006864652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2713a0ed7404b1f12022-01-05 09:22:47.461root 11241100x80000000000000006864653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf407a4340e86422022-01-05 09:22:47.461root 11241100x80000000000000006864654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee3ac817e64e2d92022-01-05 09:22:47.461root 11241100x80000000000000006864655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc870c46314fb422022-01-05 09:22:47.461root 11241100x80000000000000006864656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2cba7988f8ce9b2022-01-05 09:22:47.959root 11241100x80000000000000006864657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056f6c4def1a668f2022-01-05 09:22:47.960root 11241100x80000000000000006864658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19cbd4b853449f32022-01-05 09:22:47.960root 11241100x80000000000000006864659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768cb84d769330422022-01-05 09:22:47.960root 11241100x80000000000000006864660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb649509860866db2022-01-05 09:22:47.960root 11241100x80000000000000006864661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0796c405b48b8c462022-01-05 09:22:47.960root 11241100x80000000000000006864662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6292b948b88de39c2022-01-05 09:22:47.960root 11241100x80000000000000006864663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fd24dde64b38462022-01-05 09:22:47.960root 11241100x80000000000000006864664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12d8c79d79981a52022-01-05 09:22:47.960root 11241100x80000000000000006864665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cb054c8a0e6c7e2022-01-05 09:22:47.961root 11241100x80000000000000006864666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c472525440402592022-01-05 09:22:47.961root 11241100x80000000000000006864667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d8f599feb706242022-01-05 09:22:47.961root 11241100x80000000000000006864668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6672bedaefbf822022-01-05 09:22:47.961root 11241100x80000000000000006864669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad054f494b5aa5bc2022-01-05 09:22:47.961root 354300x80000000000000006864670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.064{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40754-false10.0.1.12-8000- 11241100x80000000000000006864671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6e756501675cf42022-01-05 09:22:48.459root 11241100x80000000000000006864672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f585f876b7eaa102022-01-05 09:22:48.460root 11241100x80000000000000006864673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0d90cee727336f2022-01-05 09:22:48.460root 11241100x80000000000000006864674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2720f7e78f7bce2022-01-05 09:22:48.460root 11241100x80000000000000006864675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13541265cb1f8832022-01-05 09:22:48.460root 11241100x80000000000000006864676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b129f3a85ee8462022-01-05 09:22:48.460root 11241100x80000000000000006864677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7937e8f54149ddf72022-01-05 09:22:48.460root 11241100x80000000000000006864678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e820cc3575805502022-01-05 09:22:48.460root 11241100x80000000000000006864679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448f18cf2c1a8a042022-01-05 09:22:48.460root 11241100x80000000000000006864680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65eda319d36cb3c2022-01-05 09:22:48.460root 11241100x80000000000000006864681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce122e01ed646552022-01-05 09:22:48.460root 11241100x80000000000000006864682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2774d1ce1204202022-01-05 09:22:48.460root 11241100x80000000000000006864683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beed27dfbbe315182022-01-05 09:22:48.461root 11241100x80000000000000006864684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cdfce3234ac7b52022-01-05 09:22:48.461root 11241100x80000000000000006864685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f4d4453fdf97a22022-01-05 09:22:48.461root 11241100x80000000000000006864686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3e0656e7902bbe2022-01-05 09:22:48.959root 11241100x80000000000000006864687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d3a3e380f392142022-01-05 09:22:48.960root 11241100x80000000000000006864688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8be6a8fb646c922022-01-05 09:22:48.960root 11241100x80000000000000006864689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fb5f5c4c25031a2022-01-05 09:22:48.960root 11241100x80000000000000006864690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4fb98629af697f2022-01-05 09:22:48.960root 11241100x80000000000000006864691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03e263b86729f222022-01-05 09:22:48.960root 11241100x80000000000000006864692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54d4ff7ac200c772022-01-05 09:22:48.960root 11241100x80000000000000006864693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609b000d2c00cc632022-01-05 09:22:48.960root 11241100x80000000000000006864694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad21c2978ae5abb2022-01-05 09:22:48.960root 11241100x80000000000000006864695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6d861562d995362022-01-05 09:22:48.960root 11241100x80000000000000006864696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d08bedeb55c4ff32022-01-05 09:22:48.960root 11241100x80000000000000006864697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4faa4c66d130d372022-01-05 09:22:48.960root 11241100x80000000000000006864698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e79db81e7b656f2022-01-05 09:22:48.960root 11241100x80000000000000006864699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1f21e718bd22a72022-01-05 09:22:48.960root 11241100x80000000000000006864700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9dd3ad776f51c82022-01-05 09:22:48.960root 11241100x80000000000000006864701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c423a33353c1ebd22022-01-05 09:22:49.459root 11241100x80000000000000006864702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30d082d1e4a2aa22022-01-05 09:22:49.460root 11241100x80000000000000006864703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322069a803eac4ca2022-01-05 09:22:49.460root 11241100x80000000000000006864704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b907e6683a6b0bb2022-01-05 09:22:49.460root 11241100x80000000000000006864705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dac55413effb7472022-01-05 09:22:49.460root 11241100x80000000000000006864706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4a98c8cae5095c2022-01-05 09:22:49.460root 11241100x80000000000000006864707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a3906b6f06f0642022-01-05 09:22:49.460root 11241100x80000000000000006864708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7364bea470fab0d82022-01-05 09:22:49.460root 11241100x80000000000000006864709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b974f467d27ae632022-01-05 09:22:49.460root 11241100x80000000000000006864710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2843a999a5a2e48f2022-01-05 09:22:49.460root 11241100x80000000000000006864711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dbf8b8b6c085da2022-01-05 09:22:49.460root 11241100x80000000000000006864712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a8af9f4613d64d2022-01-05 09:22:49.460root 11241100x80000000000000006864713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8464f6bc1642602022-01-05 09:22:49.460root 11241100x80000000000000006864714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f94458a411817f2022-01-05 09:22:49.460root 11241100x80000000000000006864715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f6801d82dd9db12022-01-05 09:22:49.461root 11241100x80000000000000006864716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e028c11a4194c192022-01-05 09:22:49.959root 11241100x80000000000000006864717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4599e441f889e7de2022-01-05 09:22:49.960root 11241100x80000000000000006864718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ececb74221eaa0c32022-01-05 09:22:49.960root 11241100x80000000000000006864719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a76e94d57ed7e72022-01-05 09:22:49.960root 11241100x80000000000000006864720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541147f0604024772022-01-05 09:22:49.960root 11241100x80000000000000006864721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7630f9e44dfcbdb2022-01-05 09:22:49.960root 11241100x80000000000000006864722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7055f81bfb1f34922022-01-05 09:22:49.960root 11241100x80000000000000006864723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f064e7103fc80f7a2022-01-05 09:22:49.960root 11241100x80000000000000006864724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a331fb128249bb882022-01-05 09:22:49.960root 11241100x80000000000000006864725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2f072b6f0541932022-01-05 09:22:49.960root 11241100x80000000000000006864726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccad3df4a076c4f2022-01-05 09:22:49.960root 11241100x80000000000000006864727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620042a0c7c8875c2022-01-05 09:22:49.960root 11241100x80000000000000006864728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca96bc5e301869aa2022-01-05 09:22:49.960root 11241100x80000000000000006864729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f4e1b57f9eda542022-01-05 09:22:49.960root 11241100x80000000000000006864730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92578e7c69b98e9d2022-01-05 09:22:49.960root 11241100x80000000000000006864731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b11e7bd203979e92022-01-05 09:22:50.459root 11241100x80000000000000006864732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1506b5da3e88ec3e2022-01-05 09:22:50.460root 11241100x80000000000000006864733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a39560fd784ebed2022-01-05 09:22:50.460root 11241100x80000000000000006864734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6e8198bc6d6fec2022-01-05 09:22:50.460root 11241100x80000000000000006864735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f2a41361eec9522022-01-05 09:22:50.460root 11241100x80000000000000006864736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8800db611eb7d3012022-01-05 09:22:50.460root 11241100x80000000000000006864737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86268e1b088fa45b2022-01-05 09:22:50.460root 11241100x80000000000000006864738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063c80973e8ecd472022-01-05 09:22:50.460root 11241100x80000000000000006864739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0419757f922084f82022-01-05 09:22:50.460root 11241100x80000000000000006864740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24cf1d71371dc1c2022-01-05 09:22:50.460root 11241100x80000000000000006864741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4419989b3f14369e2022-01-05 09:22:50.460root 11241100x80000000000000006864742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b68e04b158fef562022-01-05 09:22:50.460root 11241100x80000000000000006864743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c0139ee05629ba2022-01-05 09:22:50.460root 11241100x80000000000000006864744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ae6a3e395914ec2022-01-05 09:22:50.460root 11241100x80000000000000006864745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a10be18b1d5a312022-01-05 09:22:50.460root 11241100x80000000000000006864746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5dfeaf4837da8792022-01-05 09:22:50.959root 11241100x80000000000000006864747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38f3013dde77d272022-01-05 09:22:50.960root 11241100x80000000000000006864748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b0e9becb791ed02022-01-05 09:22:50.960root 11241100x80000000000000006864749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eaa1d150ed498da2022-01-05 09:22:50.960root 11241100x80000000000000006864750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05406281172c71e2022-01-05 09:22:50.960root 11241100x80000000000000006864751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0639c6b3bad4372022-01-05 09:22:50.960root 11241100x80000000000000006864752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf4996df94990c72022-01-05 09:22:50.960root 11241100x80000000000000006864753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08df664bfbfb70822022-01-05 09:22:50.960root 11241100x80000000000000006864754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c043e73258b15a872022-01-05 09:22:50.960root 11241100x80000000000000006864755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe3f42e08e789cd2022-01-05 09:22:50.960root 11241100x80000000000000006864756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2646dd2080b6fa822022-01-05 09:22:50.960root 11241100x80000000000000006864757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c56ce62b9a393a2022-01-05 09:22:50.960root 11241100x80000000000000006864758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9268bbdc41135f2022-01-05 09:22:50.960root 11241100x80000000000000006864759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d4b6db6b7cb8072022-01-05 09:22:50.960root 11241100x80000000000000006864760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d02cce02e05b6d2022-01-05 09:22:50.960root 11241100x80000000000000006864761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcca572052f3e11a2022-01-05 09:22:51.460root 11241100x80000000000000006864762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e9f72ff54a38f82022-01-05 09:22:51.460root 11241100x80000000000000006864763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edf9b88d7383ba62022-01-05 09:22:51.460root 11241100x80000000000000006864764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a9ea9e9d7a59df2022-01-05 09:22:51.460root 11241100x80000000000000006864765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953b5448669e54f22022-01-05 09:22:51.460root 11241100x80000000000000006864766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8511d570a01e064e2022-01-05 09:22:51.460root 11241100x80000000000000006864767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599b3dbff3a18dfb2022-01-05 09:22:51.460root 11241100x80000000000000006864768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfb5239362743532022-01-05 09:22:51.460root 11241100x80000000000000006864769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d926f09698e7261d2022-01-05 09:22:51.460root 11241100x80000000000000006864770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1042db9286e08cbb2022-01-05 09:22:51.460root 11241100x80000000000000006864771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfbb602f3fcdb5b2022-01-05 09:22:51.460root 11241100x80000000000000006864772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380e88dac1bc103d2022-01-05 09:22:51.460root 11241100x80000000000000006864773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56f98a57e8d66872022-01-05 09:22:51.460root 11241100x80000000000000006864774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4caeb265a62fdffc2022-01-05 09:22:51.461root 11241100x80000000000000006864775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b30d06f20e71fd62022-01-05 09:22:51.461root 11241100x80000000000000006864776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65907ed3b6f72a4c2022-01-05 09:22:51.959root 11241100x80000000000000006864777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e82eb3374e64122022-01-05 09:22:51.960root 11241100x80000000000000006864778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a469e8d07a0a5bc02022-01-05 09:22:51.960root 11241100x80000000000000006864779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e91d25aafe35402022-01-05 09:22:51.960root 11241100x80000000000000006864780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fadbc12aa54827a2022-01-05 09:22:51.960root 11241100x80000000000000006864781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ca0f5f90e1a07c2022-01-05 09:22:51.960root 11241100x80000000000000006864782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b79a3c5dfe53e82022-01-05 09:22:51.960root 11241100x80000000000000006864783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf5bedc636648dc2022-01-05 09:22:51.960root 11241100x80000000000000006864784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2d1a94f25b17f62022-01-05 09:22:51.960root 11241100x80000000000000006864785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a72715fcb2574c02022-01-05 09:22:51.960root 11241100x80000000000000006864786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c9091e5de7d0662022-01-05 09:22:51.960root 11241100x80000000000000006864787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f88afb0bbd527a52022-01-05 09:22:51.960root 11241100x80000000000000006864788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aad4eff5a927a632022-01-05 09:22:51.960root 11241100x80000000000000006864789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a961f8be64a989f2022-01-05 09:22:51.960root 11241100x80000000000000006864790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f1604101c081722022-01-05 09:22:51.960root 11241100x80000000000000006864791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80902d6751f979392022-01-05 09:22:52.459root 11241100x80000000000000006864792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5b7e52a96a26a92022-01-05 09:22:52.460root 11241100x80000000000000006864793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a769853d0f840bbe2022-01-05 09:22:52.460root 11241100x80000000000000006864794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f797cf9ef086412022-01-05 09:22:52.460root 11241100x80000000000000006864795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b30d7a60359d662022-01-05 09:22:52.460root 11241100x80000000000000006864796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a456d538a0cfcb2022-01-05 09:22:52.460root 11241100x80000000000000006864797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf848759c0ab27a22022-01-05 09:22:52.460root 11241100x80000000000000006864798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0840c89b50b146272022-01-05 09:22:52.460root 11241100x80000000000000006864799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f88fbc02d5e0552022-01-05 09:22:52.460root 11241100x80000000000000006864800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbb503c5d7382802022-01-05 09:22:52.460root 11241100x80000000000000006864801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18a54cf072b0b252022-01-05 09:22:52.460root 11241100x80000000000000006864802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c100e0267030562022-01-05 09:22:52.460root 11241100x80000000000000006864803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683737ed8bfbdb0b2022-01-05 09:22:52.460root 11241100x80000000000000006864804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569a4faea342cccf2022-01-05 09:22:52.460root 11241100x80000000000000006864805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d9c3e7a08292b82022-01-05 09:22:52.460root 11241100x80000000000000006864806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4e41e1971bb66e2022-01-05 09:22:52.959root 11241100x80000000000000006864807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97891a4c5335b72e2022-01-05 09:22:52.960root 11241100x80000000000000006864808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e252de73533c79d2022-01-05 09:22:52.960root 11241100x80000000000000006864809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebba6f52b09405bf2022-01-05 09:22:52.960root 11241100x80000000000000006864810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ec6e38eadc296f2022-01-05 09:22:52.960root 11241100x80000000000000006864811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775800d025c530c42022-01-05 09:22:52.960root 11241100x80000000000000006864812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f911baf3fff7bed92022-01-05 09:22:52.960root 11241100x80000000000000006864813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df11288246ac98b2022-01-05 09:22:52.960root 11241100x80000000000000006864814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8bfbf65e9fbe812022-01-05 09:22:52.960root 11241100x80000000000000006864815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c41d27e08861722022-01-05 09:22:52.960root 11241100x80000000000000006864816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b421d83b27dbe762022-01-05 09:22:52.960root 11241100x80000000000000006864817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d7e2db5bb8333c2022-01-05 09:22:52.960root 11241100x80000000000000006864818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1b5ed6edc035452022-01-05 09:22:52.960root 11241100x80000000000000006864819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842a4f25c66160d02022-01-05 09:22:52.960root 11241100x80000000000000006864820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5109b40af21a972022-01-05 09:22:52.961root 354300x80000000000000006864821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.175{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40756-false10.0.1.12-8000- 11241100x80000000000000006864822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269c241b4dc124ea2022-01-05 09:22:53.460root 11241100x80000000000000006864823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7f3916ab00a56b2022-01-05 09:22:53.460root 11241100x80000000000000006864824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ab8804407e7fd22022-01-05 09:22:53.460root 11241100x80000000000000006864825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f3275e4930b3f82022-01-05 09:22:53.460root 11241100x80000000000000006864826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab3fa60d0b9dbd92022-01-05 09:22:53.460root 11241100x80000000000000006864827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bb90962d4cf6362022-01-05 09:22:53.460root 11241100x80000000000000006864828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b13b8dfe43fae5e2022-01-05 09:22:53.460root 11241100x80000000000000006864829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24eb4e2ea99997242022-01-05 09:22:53.460root 11241100x80000000000000006864830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08ff646b18a20582022-01-05 09:22:53.460root 11241100x80000000000000006864831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b2f5e3c22483bb2022-01-05 09:22:53.460root 11241100x80000000000000006864832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7490818f7f29952022-01-05 09:22:53.460root 11241100x80000000000000006864833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05bc42d3ac3e5ba2022-01-05 09:22:53.461root 11241100x80000000000000006864834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f4a9356fee5c732022-01-05 09:22:53.461root 11241100x80000000000000006864835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9bf5306c9dd61e2022-01-05 09:22:53.461root 11241100x80000000000000006864836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62238f3518f447122022-01-05 09:22:53.461root 11241100x80000000000000006864837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf2820e612742f02022-01-05 09:22:53.461root 11241100x80000000000000006864838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f03841d97e06642022-01-05 09:22:53.960root 11241100x80000000000000006864839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c1fbb753065cb62022-01-05 09:22:53.960root 11241100x80000000000000006864840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf6dbcf3b913f742022-01-05 09:22:53.960root 11241100x80000000000000006864841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2e3f7d4a066f062022-01-05 09:22:53.960root 11241100x80000000000000006864842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2de4da12ac639f2022-01-05 09:22:53.960root 11241100x80000000000000006864843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4333a4bef4b28a092022-01-05 09:22:53.960root 11241100x80000000000000006864844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72adf7854268d1fc2022-01-05 09:22:53.960root 11241100x80000000000000006864845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8936cc5d3dc28622022-01-05 09:22:53.960root 11241100x80000000000000006864846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620469d0f5ef68702022-01-05 09:22:53.960root 11241100x80000000000000006864847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a240b4ca10ab59f2022-01-05 09:22:53.960root 11241100x80000000000000006864848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748657f1cddd44f12022-01-05 09:22:53.961root 11241100x80000000000000006864849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be94384f095b35c2022-01-05 09:22:53.961root 11241100x80000000000000006864850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe745f98cb5523a42022-01-05 09:22:53.961root 11241100x80000000000000006864851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34dff5211ffad5e2022-01-05 09:22:53.961root 11241100x80000000000000006864852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e77863143ea80602022-01-05 09:22:53.961root 11241100x80000000000000006864853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd48b3df7884eaee2022-01-05 09:22:53.961root 11241100x80000000000000006864854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08c1033e84f77a52022-01-05 09:22:54.460root 11241100x80000000000000006864855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f472af88ae2246582022-01-05 09:22:54.460root 11241100x80000000000000006864856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ed16bf378fc0432022-01-05 09:22:54.460root 11241100x80000000000000006864857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a761cee3de1d362022-01-05 09:22:54.460root 11241100x80000000000000006864858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ef8ecaae36158d2022-01-05 09:22:54.460root 11241100x80000000000000006864859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdaa1182db7c8fdd2022-01-05 09:22:54.460root 11241100x80000000000000006864860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e912a002098ba4312022-01-05 09:22:54.460root 11241100x80000000000000006864861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a030623f89848e2022-01-05 09:22:54.461root 11241100x80000000000000006864862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b96ee73d08e53452022-01-05 09:22:54.461root 11241100x80000000000000006864863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ef752011af3dbb2022-01-05 09:22:54.461root 11241100x80000000000000006864864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a257714761fa419f2022-01-05 09:22:54.461root 11241100x80000000000000006864865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca9fa65bdc124782022-01-05 09:22:54.461root 11241100x80000000000000006864866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956bdb67aa6a1bf62022-01-05 09:22:54.461root 11241100x80000000000000006864867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840eb214e68f96422022-01-05 09:22:54.461root 11241100x80000000000000006864868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f522e11c11d305b12022-01-05 09:22:54.461root 11241100x80000000000000006864869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35237e35a1cce01b2022-01-05 09:22:54.461root 11241100x80000000000000006864870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3226c06afac8952a2022-01-05 09:22:54.960root 11241100x80000000000000006864871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020730359cdbe5d02022-01-05 09:22:54.960root 11241100x80000000000000006864872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d5de0ef47bdb9f2022-01-05 09:22:54.960root 11241100x80000000000000006864873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34ea08ade462c742022-01-05 09:22:54.960root 11241100x80000000000000006864874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423d0fd6cc378b762022-01-05 09:22:54.960root 11241100x80000000000000006864875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe76a755a66f7fe2022-01-05 09:22:54.961root 11241100x80000000000000006864876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ceffd1f4359f892022-01-05 09:22:54.961root 11241100x80000000000000006864877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84be2c327fc5e94b2022-01-05 09:22:54.961root 11241100x80000000000000006864878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba86b6c13a4c4362022-01-05 09:22:54.961root 11241100x80000000000000006864879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36272b644db326112022-01-05 09:22:54.961root 11241100x80000000000000006864880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdd8c77c3fb34782022-01-05 09:22:54.961root 11241100x80000000000000006864881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7505bfda15ced542022-01-05 09:22:54.961root 11241100x80000000000000006864882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6a0a5e49312ed32022-01-05 09:22:54.962root 11241100x80000000000000006864883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddfab4e68d9dc932022-01-05 09:22:54.962root 11241100x80000000000000006864884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e59b7411d1abd1a2022-01-05 09:22:54.962root 11241100x80000000000000006864885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4bf2f27afacbb92022-01-05 09:22:54.962root 11241100x80000000000000006864886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd39ac66f37d377b2022-01-05 09:22:55.459root 11241100x80000000000000006864887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8d3154eb0f66ee2022-01-05 09:22:55.460root 11241100x80000000000000006864888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86381fd495617a592022-01-05 09:22:55.460root 11241100x80000000000000006864889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0230520669ce51352022-01-05 09:22:55.460root 11241100x80000000000000006864890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474fe94bee1e0b862022-01-05 09:22:55.460root 11241100x80000000000000006864891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117f426d0d3e17172022-01-05 09:22:55.460root 11241100x80000000000000006864892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3bb352a70435c3b2022-01-05 09:22:55.460root 11241100x80000000000000006864893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4d73c92a965f6a2022-01-05 09:22:55.460root 11241100x80000000000000006864894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3a5daa76fa9dc82022-01-05 09:22:55.460root 11241100x80000000000000006864895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ac3bf06cabf9d62022-01-05 09:22:55.460root 11241100x80000000000000006864896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f640667d8a695d952022-01-05 09:22:55.461root 11241100x80000000000000006864897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2a6758bf7f6a6a2022-01-05 09:22:55.461root 11241100x80000000000000006864898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1410bf05b86ab01b2022-01-05 09:22:55.461root 11241100x80000000000000006864899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2692a2a6fbc4eab92022-01-05 09:22:55.461root 11241100x80000000000000006864900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdb09d80b84e5562022-01-05 09:22:55.461root 11241100x80000000000000006864901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f51205b25d88082022-01-05 09:22:55.461root 11241100x80000000000000006864902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d93718f6d831e12022-01-05 09:22:55.959root 11241100x80000000000000006864903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16dcfee5aca6664b2022-01-05 09:22:55.960root 11241100x80000000000000006864904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f40b18429142d6b2022-01-05 09:22:55.960root 11241100x80000000000000006864905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534482ccfedf0a0b2022-01-05 09:22:55.960root 11241100x80000000000000006864906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543a4910d8833db72022-01-05 09:22:55.960root 11241100x80000000000000006864907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76689b974956c752022-01-05 09:22:55.960root 11241100x80000000000000006864908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f713ca3c50e2672022-01-05 09:22:55.960root 11241100x80000000000000006864909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5723396b5ecd5d442022-01-05 09:22:55.961root 11241100x80000000000000006864910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e40393f9375561a2022-01-05 09:22:55.961root 11241100x80000000000000006864911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705ce44877705d8c2022-01-05 09:22:55.961root 11241100x80000000000000006864912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cd2fa8e9fdf06e2022-01-05 09:22:55.961root 11241100x80000000000000006864913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a5f7584ccb7a4c2022-01-05 09:22:55.961root 11241100x80000000000000006864914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62f013431f5cfc12022-01-05 09:22:55.961root 11241100x80000000000000006864915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61691f5d68e657f72022-01-05 09:22:55.961root 11241100x80000000000000006864916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53aa6f1d2ffa57652022-01-05 09:22:55.961root 11241100x80000000000000006864917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:55.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ba52fceab202dd2022-01-05 09:22:55.961root 11241100x80000000000000006864918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de06607683797c112022-01-05 09:22:56.459root 11241100x80000000000000006864919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb929292b6038db2022-01-05 09:22:56.460root 11241100x80000000000000006864920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40de15c71494f5d92022-01-05 09:22:56.460root 11241100x80000000000000006864921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fb994561b2a2722022-01-05 09:22:56.460root 11241100x80000000000000006864922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64044cdda0c3bc8a2022-01-05 09:22:56.460root 11241100x80000000000000006864923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69592f3e33ddcef42022-01-05 09:22:56.460root 11241100x80000000000000006864924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1e88e1743c73f92022-01-05 09:22:56.460root 11241100x80000000000000006864925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62480ddfbeaceccb2022-01-05 09:22:56.460root 11241100x80000000000000006864926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58ee663421346f02022-01-05 09:22:56.460root 11241100x80000000000000006864927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa02c9ee2c3b077b2022-01-05 09:22:56.460root 11241100x80000000000000006864928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d764db7a01c053462022-01-05 09:22:56.460root 11241100x80000000000000006864929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050981d43e6768932022-01-05 09:22:56.460root 11241100x80000000000000006864930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e205c8e737f6c2422022-01-05 09:22:56.460root 11241100x80000000000000006864931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1986729eb81d532022-01-05 09:22:56.460root 11241100x80000000000000006864932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569600efa1cc9f482022-01-05 09:22:56.461root 11241100x80000000000000006864933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5107bd29250348632022-01-05 09:22:56.461root 11241100x80000000000000006864934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ea37e7ed8ef0ce2022-01-05 09:22:56.959root 11241100x80000000000000006864935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa039ef44a53f22e2022-01-05 09:22:56.960root 11241100x80000000000000006864936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e55fbdedeb0d9c2022-01-05 09:22:56.960root 11241100x80000000000000006864937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03bd1dfd92425f12022-01-05 09:22:56.960root 11241100x80000000000000006864938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813025f2f54ce1f42022-01-05 09:22:56.960root 11241100x80000000000000006864939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62acd5bf0a28e562022-01-05 09:22:56.960root 11241100x80000000000000006864940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4213e58755363df82022-01-05 09:22:56.960root 11241100x80000000000000006864941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffddaaeb6d7489c52022-01-05 09:22:56.960root 11241100x80000000000000006864942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a3198a18dfe8d52022-01-05 09:22:56.960root 11241100x80000000000000006864943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0772518ada0d8ab92022-01-05 09:22:56.960root 11241100x80000000000000006864944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4387728ab3e33f2022-01-05 09:22:56.960root 11241100x80000000000000006864945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1a7faa50022e242022-01-05 09:22:56.960root 11241100x80000000000000006864946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972f491d71f2975f2022-01-05 09:22:56.960root 11241100x80000000000000006864947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e560ad15a9de9132022-01-05 09:22:56.960root 11241100x80000000000000006864948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30859eb2e10be91b2022-01-05 09:22:56.960root 11241100x80000000000000006864949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:56.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e6b3af19ebade52022-01-05 09:22:56.961root 11241100x80000000000000006864950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f9f6bcb15a27032022-01-05 09:22:57.459root 11241100x80000000000000006864951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4422be927637c942022-01-05 09:22:57.460root 11241100x80000000000000006864952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ba2e4f755cad9c2022-01-05 09:22:57.460root 11241100x80000000000000006864953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0eaa1d2e4ccde072022-01-05 09:22:57.460root 11241100x80000000000000006864954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2291173eb05bf8f2022-01-05 09:22:57.460root 11241100x80000000000000006864955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c243f8f509573e52022-01-05 09:22:57.460root 11241100x80000000000000006864956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4d422b45e3b3592022-01-05 09:22:57.460root 11241100x80000000000000006864957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b099131e145504f02022-01-05 09:22:57.460root 11241100x80000000000000006864958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7394853d0c62652022-01-05 09:22:57.460root 11241100x80000000000000006864959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a3f35c84dab09f2022-01-05 09:22:57.460root 11241100x80000000000000006864960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785cb9354a1190be2022-01-05 09:22:57.460root 11241100x80000000000000006864961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41ce0c45124689a2022-01-05 09:22:57.460root 11241100x80000000000000006864962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4304d8d553c62a2022-01-05 09:22:57.460root 11241100x80000000000000006864963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6eab899b8f9c7012022-01-05 09:22:57.461root 11241100x80000000000000006864964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4450eab32f8d0d4f2022-01-05 09:22:57.461root 11241100x80000000000000006864965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f72cf4254751c132022-01-05 09:22:57.461root 11241100x80000000000000006864966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f654f586d3d2bf162022-01-05 09:22:57.959root 11241100x80000000000000006864967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff01c7c2f5224d82022-01-05 09:22:57.960root 11241100x80000000000000006864968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e558d213ccb4a81b2022-01-05 09:22:57.960root 11241100x80000000000000006864969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9285f4a3054dfc842022-01-05 09:22:57.960root 11241100x80000000000000006864970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f748bf22c1926372022-01-05 09:22:57.960root 11241100x80000000000000006864971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c57e9590a18a40b2022-01-05 09:22:57.960root 11241100x80000000000000006864972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b021bce83235f012022-01-05 09:22:57.960root 11241100x80000000000000006864973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dbb2c3422213b12022-01-05 09:22:57.960root 11241100x80000000000000006864974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33096102807880e2022-01-05 09:22:57.960root 11241100x80000000000000006864975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54590947b063a3e2022-01-05 09:22:57.961root 11241100x80000000000000006864976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee4ce19330d2f232022-01-05 09:22:57.961root 11241100x80000000000000006864977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a3d027fe3bd0202022-01-05 09:22:57.961root 11241100x80000000000000006864978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81d1e73ab718a142022-01-05 09:22:57.961root 11241100x80000000000000006864979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59556abf7b17ce02022-01-05 09:22:57.961root 11241100x80000000000000006864980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b10d0f60b6e0b6e2022-01-05 09:22:57.961root 11241100x80000000000000006864981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:57.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460839907440ed142022-01-05 09:22:57.961root 154100x80000000000000006864982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.088{ec2e79f3-6372-61d5-a036-7b0000000000}22935/usr/bin/python3.6-----/usr/bin/python3 /usr/lib/command-not-found -- doas/home/ubuntu/doasubuntu{ec2e79f3-5fe4-61d5-e803-000000000000}100058no level-{00000000-0000-0000-0000-000000000000}22934--- 154100x80000000000000006864983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.176{ec2e79f3-6372-61d5-1825-f5414e560000}22936/usr/bin/snap-----/usr/bin/snap advise-snap --format=json --command doas/home/ubuntu/doasubuntu{ec2e79f3-5fe4-61d5-e803-000000000000}100058no level-{ec2e79f3-6372-61d5-a036-7b0000000000}22935/usr/bin/python3.6/usr/bin/python3ubuntu 534500x80000000000000006864984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.199{ec2e79f3-6372-61d5-1825-f5414e560000}22936/usr/bin/snapubuntu 534500x80000000000000006864985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.199{ec2e79f3-6372-61d5-1825-f5414e560000}22936/usr/bin/snapubuntu 534500x80000000000000006864986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.199{ec2e79f3-6372-61d5-1825-f5414e560000}22936/usr/bin/snapubuntu 534500x80000000000000006864987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.199{ec2e79f3-6372-61d5-1825-f5414e560000}22936/usr/bin/snapubuntu 154100x80000000000000006864988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.176{ec2e79f3-6372-61d5-7419-aa21dc550000}22936/snap/snapd/14295/usr/bin/snap-----/usr/bin/snap advise-snap --format=json --command doas/home/ubuntu/doasubuntu{ec2e79f3-5fe4-61d5-e803-000000000000}100058no level-{ec2e79f3-6372-61d5-a036-7b0000000000}22935/usr/bin/python3.6/usr/bin/python3ubuntu 534500x80000000000000006864989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.199{ec2e79f3-6372-61d5-7419-aa21dc550000}22936/snap/snapd/14295/usr/bin/snapubuntu 11241100x80000000000000006864990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9a209a14fa02362022-01-05 09:22:58.211root 11241100x80000000000000006864991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbcdf6c8bcefe1f2022-01-05 09:22:58.211root 11241100x80000000000000006864992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab1d81c0c2313e02022-01-05 09:22:58.211root 11241100x80000000000000006864993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13392e9ce4ba0252022-01-05 09:22:58.211root 11241100x80000000000000006864994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da90014e6d2e2042022-01-05 09:22:58.211root 11241100x80000000000000006864995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07198cb752fb62392022-01-05 09:22:58.212root 11241100x80000000000000006864996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e028f694d378c22022-01-05 09:22:58.212root 11241100x80000000000000006864997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdfb24c4be1392c2022-01-05 09:22:58.212root 11241100x80000000000000006864998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3813b104b8b1cf0d2022-01-05 09:22:58.212root 11241100x80000000000000006864999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8aa3245dc87b572022-01-05 09:22:58.212root 11241100x80000000000000006865000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7050414308613d62022-01-05 09:22:58.212root 11241100x80000000000000006865001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e0b832ebdbac812022-01-05 09:22:58.214root 11241100x80000000000000006865002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d8309d4dd07af02022-01-05 09:22:58.214root 11241100x80000000000000006865003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e188389da35b902022-01-05 09:22:58.214root 11241100x80000000000000006865004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a92d6f3cc664e02022-01-05 09:22:58.214root 11241100x80000000000000006865005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a181a2b1cb4a345f2022-01-05 09:22:58.215root 11241100x80000000000000006865006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799c21eafb6a9b642022-01-05 09:22:58.215root 11241100x80000000000000006865007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf89d99bff1c9f32022-01-05 09:22:58.215root 11241100x80000000000000006865008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacdb1cc393ee3102022-01-05 09:22:58.215root 11241100x80000000000000006865009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecc55cfd0e620a72022-01-05 09:22:58.215root 11241100x80000000000000006865010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7614142fc6d891832022-01-05 09:22:58.215root 11241100x80000000000000006865011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d61e05141577032022-01-05 09:22:58.215root 11241100x80000000000000006865012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5268c2c6dfbc5c6c2022-01-05 09:22:58.216root 11241100x80000000000000006865013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6026620165993e9f2022-01-05 09:22:58.216root 11241100x80000000000000006865014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cd98478132c3b52022-01-05 09:22:58.216root 11241100x80000000000000006865015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1876c66acf28d24e2022-01-05 09:22:58.216root 11241100x80000000000000006865016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50082dec44b47bb62022-01-05 09:22:58.216root 11241100x80000000000000006865017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b6840892fb2ad22022-01-05 09:22:58.216root 11241100x80000000000000006865018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49b5efedf2fc8812022-01-05 09:22:58.216root 11241100x80000000000000006865019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff35c1c7acdbe922022-01-05 09:22:58.216root 11241100x80000000000000006865020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7376e6afd36564d32022-01-05 09:22:58.217root 11241100x80000000000000006865021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5884c9843634dad12022-01-05 09:22:58.217root 11241100x80000000000000006865022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18e1b053867ce472022-01-05 09:22:58.217root 11241100x80000000000000006865023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7714a12000c5a11c2022-01-05 09:22:58.217root 11241100x80000000000000006865024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551ede7ea92a21992022-01-05 09:22:58.217root 11241100x80000000000000006865025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86decb66406ab1c22022-01-05 09:22:58.217root 11241100x80000000000000006865026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1668ded71f7c56b2022-01-05 09:22:58.217root 11241100x80000000000000006865027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709c07c82dbfa5382022-01-05 09:22:58.217root 11241100x80000000000000006865028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3633b1dba6a9cbe2022-01-05 09:22:58.217root 11241100x80000000000000006865029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3138bf155c97452022-01-05 09:22:58.217root 11241100x80000000000000006865030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70cffd7984839a32022-01-05 09:22:58.218root 11241100x80000000000000006865031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f39d57e09f19f762022-01-05 09:22:58.218root 11241100x80000000000000006865032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c344b5c2dc7286f42022-01-05 09:22:58.218root 11241100x80000000000000006865033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358bc3621730e4992022-01-05 09:22:58.218root 11241100x80000000000000006865034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14dbddb9a4d8a8062022-01-05 09:22:58.218root 11241100x80000000000000006865035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eec1e74087d5bd92022-01-05 09:22:58.218root 534500x80000000000000006865036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.234{ec2e79f3-6372-61d5-7419-aa21dc550000}22936/snap/snapd/14295/usr/bin/snapubuntu 534500x80000000000000006865037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.234{ec2e79f3-6372-61d5-7419-aa21dc550000}22936/snap/snapd/14295/usr/bin/snapubuntu 534500x80000000000000006865038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.234{ec2e79f3-6372-61d5-7419-aa21dc550000}22936/snap/snapd/14295/usr/bin/snapubuntu 534500x80000000000000006865039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.234{ec2e79f3-6372-61d5-7419-aa21dc550000}22936/snap/snapd/14295/usr/bin/snapubuntu 534500x80000000000000006865040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.234{ec2e79f3-6372-61d5-7419-aa21dc550000}22936/snap/snapd/14295/usr/bin/snapubuntu 534500x80000000000000006865041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.234{ec2e79f3-6372-61d5-7419-aa21dc550000}22936/snap/snapd/14295/usr/bin/snapubuntu 534500x80000000000000006865042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.235{ec2e79f3-6372-61d5-7419-aa21dc550000}22936/snap/snapd/14295/usr/bin/snapubuntu 534500x80000000000000006865043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.257{ec2e79f3-6372-61d5-a036-7b0000000000}22935/usr/bin/python3.6ubuntu 534500x80000000000000006865044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.257{00000000-0000-0000-0000-000000000000}22934<unknown process>ubuntu 11241100x80000000000000006865045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7596c5d7a165b022022-01-05 09:22:58.709root 11241100x80000000000000006865046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fd4d046ea55f542022-01-05 09:22:58.709root 11241100x80000000000000006865047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06304298d70e33a52022-01-05 09:22:58.709root 11241100x80000000000000006865048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2980e7e99fece352022-01-05 09:22:58.709root 11241100x80000000000000006865049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41705fa6d15297b2022-01-05 09:22:58.709root 11241100x80000000000000006865050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33594041aa64bf3f2022-01-05 09:22:58.710root 11241100x80000000000000006865051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12a0a87b427f08b2022-01-05 09:22:58.710root 11241100x80000000000000006865052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841ca506dd6e836a2022-01-05 09:22:58.710root 11241100x80000000000000006865053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a1020be2a4f6fd2022-01-05 09:22:58.710root 11241100x80000000000000006865054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236949c58008e5872022-01-05 09:22:58.710root 11241100x80000000000000006865055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309a79079ecaca232022-01-05 09:22:58.711root 11241100x80000000000000006865056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ea16c09fb06caa2022-01-05 09:22:58.711root 11241100x80000000000000006865057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ae4a92704c28612022-01-05 09:22:58.712root 11241100x80000000000000006865058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b5fbb912a65b862022-01-05 09:22:58.712root 11241100x80000000000000006865059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8205a3018f6ea29a2022-01-05 09:22:58.712root 11241100x80000000000000006865060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07475dad0154d7a12022-01-05 09:22:58.712root 11241100x80000000000000006865061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7294a7386283b9382022-01-05 09:22:58.712root 11241100x80000000000000006865062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa94664ba9bec0f72022-01-05 09:22:58.712root 11241100x80000000000000006865063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726c6f541ed57b532022-01-05 09:22:58.712root 11241100x80000000000000006865064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b550d4a690e9bd2022-01-05 09:22:58.712root 11241100x80000000000000006865065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1483b950fa1d3af82022-01-05 09:22:58.712root 11241100x80000000000000006865066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de0c251bc5c9a052022-01-05 09:22:58.712root 11241100x80000000000000006865067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3279534a6d55abbe2022-01-05 09:22:58.712root 11241100x80000000000000006865068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fae9f9f5352a482022-01-05 09:22:58.712root 11241100x80000000000000006865069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6997f513452373af2022-01-05 09:22:58.713root 11241100x80000000000000006865070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3fa8dcb9936f322022-01-05 09:22:58.713root 11241100x80000000000000006865071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33554a5cccf6a3fa2022-01-05 09:22:58.713root 11241100x80000000000000006865072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5e860bf9af63eb2022-01-05 09:22:58.713root 11241100x80000000000000006865073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cf6144c7483b9d2022-01-05 09:22:58.713root 11241100x80000000000000006865074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d1b877707a29352022-01-05 09:22:58.713root 11241100x80000000000000006865075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9dcdbefc7755fb2022-01-05 09:22:58.713root 11241100x80000000000000006865076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6dd9754d46bab182022-01-05 09:22:58.713root 11241100x80000000000000006865077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bb5b909023b3f22022-01-05 09:22:58.713root 11241100x80000000000000006865078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f32e28e45e5f1002022-01-05 09:22:58.713root 11241100x80000000000000006865079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0611f7bf2c0dc22022-01-05 09:22:58.713root 11241100x80000000000000006865080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e4747a47f346582022-01-05 09:22:58.713root 11241100x80000000000000006865081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf987ffa4f1cf7022022-01-05 09:22:58.713root 11241100x80000000000000006865082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f375bfd6eb1408b2022-01-05 09:22:58.713root 11241100x80000000000000006865083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd1e1312fa21b792022-01-05 09:22:58.713root 11241100x80000000000000006865084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc01b28afa840ec42022-01-05 09:22:58.713root 11241100x80000000000000006865085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ec7e7ab104d11b2022-01-05 09:22:58.714root 11241100x80000000000000006865086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75161045771f716e2022-01-05 09:22:58.714root 11241100x80000000000000006865087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb811e43ae0b34e2022-01-05 09:22:58.714root 11241100x80000000000000006865088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1bbd261c7af8ac2022-01-05 09:22:58.714root 11241100x80000000000000006865089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:58.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5531d12914f5be2022-01-05 09:22:58.714root 354300x80000000000000006865090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.022{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40758-false10.0.1.12-8000- 11241100x80000000000000006865091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.023{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56956361196e3f7b2022-01-05 09:22:59.023root 11241100x80000000000000006865092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.023{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3343d01e2e806eda2022-01-05 09:22:59.023root 11241100x80000000000000006865093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.023{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef892d6ea3eb4262022-01-05 09:22:59.023root 11241100x80000000000000006865094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.023{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aec796cfb0999722022-01-05 09:22:59.023root 11241100x80000000000000006865095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0260de095eeb2252022-01-05 09:22:59.024root 11241100x80000000000000006865096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259136434555f8292022-01-05 09:22:59.024root 11241100x80000000000000006865097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07132b8fa4516d492022-01-05 09:22:59.024root 11241100x80000000000000006865098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c10263ecccd890a2022-01-05 09:22:59.024root 11241100x80000000000000006865099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46996acc9ab26eb42022-01-05 09:22:59.024root 11241100x80000000000000006865100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819b41d10e977bf82022-01-05 09:22:59.024root 11241100x80000000000000006865101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1ab0d98b15a7ca2022-01-05 09:22:59.024root 11241100x80000000000000006865102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523371d9fb1962a72022-01-05 09:22:59.024root 11241100x80000000000000006865103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2016b4173285942022-01-05 09:22:59.024root 11241100x80000000000000006865104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fc117501c7eef72022-01-05 09:22:59.024root 11241100x80000000000000006865105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ebcc5ffe7af45912022-01-05 09:22:59.024root 11241100x80000000000000006865106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e0e49976a9047c2022-01-05 09:22:59.024root 11241100x80000000000000006865107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.024{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e060dc148aaeccd72022-01-05 09:22:59.024root 11241100x80000000000000006865108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.025{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185c7801f0bac45d2022-01-05 09:22:59.025root 11241100x80000000000000006865109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.025{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3131e801ebf94d3c2022-01-05 09:22:59.025root 11241100x80000000000000006865110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.025{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3406504a5608ac2022-01-05 09:22:59.025root 11241100x80000000000000006865111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.025{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b73f1eaa6078572022-01-05 09:22:59.025root 11241100x80000000000000006865112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.025{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3997ee12f17bdba2022-01-05 09:22:59.025root 11241100x80000000000000006865113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.025{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80478aa70d7ea7cf2022-01-05 09:22:59.025root 11241100x80000000000000006865114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.025{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a99b57fb91396b2022-01-05 09:22:59.025root 11241100x80000000000000006865115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.025{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fd4df5ca25172f2022-01-05 09:22:59.025root 11241100x80000000000000006865116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.025{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f598b2e612051ed2022-01-05 09:22:59.025root 11241100x80000000000000006865117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.026{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350b8abd1192ab612022-01-05 09:22:59.026root 11241100x80000000000000006865118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.026{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba96d724f118becb2022-01-05 09:22:59.026root 11241100x80000000000000006865119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.026{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c35eeb536700d202022-01-05 09:22:59.026root 11241100x80000000000000006865120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.026{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcaca03ac0404062022-01-05 09:22:59.026root 11241100x80000000000000006865121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.026{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b057c29030ea5932022-01-05 09:22:59.026root 11241100x80000000000000006865122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.026{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f62644e5ece1752022-01-05 09:22:59.026root 11241100x80000000000000006865123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.026{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69af885f747bd852022-01-05 09:22:59.026root 11241100x80000000000000006865124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.026{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483ae9ecc348ef412022-01-05 09:22:59.026root 11241100x80000000000000006865125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.026{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b2f6bedf8de1cd2022-01-05 09:22:59.026root 11241100x80000000000000006865126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.027{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab6e7e51e141c8d2022-01-05 09:22:59.027root 11241100x80000000000000006865127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.027{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40cd44f1e3a51592022-01-05 09:22:59.027root 11241100x80000000000000006865128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.027{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c1b5272e5477802022-01-05 09:22:59.027root 11241100x80000000000000006865129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.027{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8dc4832723458f2022-01-05 09:22:59.027root 11241100x80000000000000006865130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.027{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108a801ecbacc2902022-01-05 09:22:59.027root 11241100x80000000000000006865131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.027{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9d4ab97f0a1bdf2022-01-05 09:22:59.027root 11241100x80000000000000006865132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.027{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75287dca9d55c1c2022-01-05 09:22:59.027root 11241100x80000000000000006865133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.027{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62db76b0d38f7972022-01-05 09:22:59.027root 11241100x80000000000000006865134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.402{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 09:22:59.402root 11241100x80000000000000006865135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a28f4cb5b2dc572022-01-05 09:22:59.404root 11241100x80000000000000006865136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5d10a437f8d8c22022-01-05 09:22:59.404root 11241100x80000000000000006865137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37490abe7a366f872022-01-05 09:22:59.404root 11241100x80000000000000006865138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33302856fa2e3c722022-01-05 09:22:59.404root 11241100x80000000000000006865139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40054efab6eb09302022-01-05 09:22:59.404root 11241100x80000000000000006865140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c081ca0199a2e72022-01-05 09:22:59.405root 11241100x80000000000000006865141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15bd05f9dfe35a72022-01-05 09:22:59.405root 11241100x80000000000000006865142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df0e6c69f1db9622022-01-05 09:22:59.405root 11241100x80000000000000006865143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d122492f81184fcf2022-01-05 09:22:59.405root 11241100x80000000000000006865144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab208a17d525578d2022-01-05 09:22:59.405root 11241100x80000000000000006865145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408048744f0d03352022-01-05 09:22:59.405root 11241100x80000000000000006865146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.406{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9ed6310c8497862022-01-05 09:22:59.406root 11241100x80000000000000006865147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.406{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b402e8230c33d7d32022-01-05 09:22:59.406root 11241100x80000000000000006865148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.406{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6eea66e075b12e92022-01-05 09:22:59.406root 11241100x80000000000000006865149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.406{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9559189416c87af02022-01-05 09:22:59.406root 11241100x80000000000000006865150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.406{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a0869875d03c8f2022-01-05 09:22:59.406root 11241100x80000000000000006865151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.406{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d601f7946632aeb82022-01-05 09:22:59.406root 11241100x80000000000000006865152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.407{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cda51c4ba2ac602022-01-05 09:22:59.407root 11241100x80000000000000006865153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.407{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796fb83ecd59dce02022-01-05 09:22:59.407root 11241100x80000000000000006865154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.407{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47f3d40707da4f52022-01-05 09:22:59.407root 11241100x80000000000000006865155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.407{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953eb702633a077c2022-01-05 09:22:59.407root 11241100x80000000000000006865156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.407{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b6246b5d363a6f2022-01-05 09:22:59.407root 11241100x80000000000000006865157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.407{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf3b6fdb3830d922022-01-05 09:22:59.407root 11241100x80000000000000006865158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.407{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934195fdf73fc9c92022-01-05 09:22:59.407root 11241100x80000000000000006865159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.407{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9a4f694c221bc52022-01-05 09:22:59.407root 11241100x80000000000000006865160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.407{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddd6e3aff87e0d92022-01-05 09:22:59.407root 11241100x80000000000000006865161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.407{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e208e43c5b02c8932022-01-05 09:22:59.407root 11241100x80000000000000006865162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.407{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fa69549136fb562022-01-05 09:22:59.407root 11241100x80000000000000006865163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.407{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083a1f607e632f032022-01-05 09:22:59.407root 11241100x80000000000000006865164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.408{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eda402904e6be152022-01-05 09:22:59.408root 11241100x80000000000000006865165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.408{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ff96d4ea8f42122022-01-05 09:22:59.408root 11241100x80000000000000006865166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.408{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6391bf4ab81c3b2022-01-05 09:22:59.408root 11241100x80000000000000006865167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.408{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d6093e1ed5e86c2022-01-05 09:22:59.408root 11241100x80000000000000006865168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.408{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec53f54f4ce825e2022-01-05 09:22:59.408root 11241100x80000000000000006865169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.408{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d196ee82c7aa798c2022-01-05 09:22:59.408root 11241100x80000000000000006865170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.408{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3e6207d47d2ae22022-01-05 09:22:59.408root 11241100x80000000000000006865171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.408{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3994794c7960686e2022-01-05 09:22:59.408root 11241100x80000000000000006865172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.408{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2f946f951414502022-01-05 09:22:59.408root 11241100x80000000000000006865173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.408{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fe27f856bef1a32022-01-05 09:22:59.408root 11241100x80000000000000006865174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.408{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ac20f9abb5e4f42022-01-05 09:22:59.408root 11241100x80000000000000006865175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.408{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfc7de91c58c4f32022-01-05 09:22:59.408root 11241100x80000000000000006865176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.408{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645599658356d80e2022-01-05 09:22:59.408root 11241100x80000000000000006865177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.409{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305d05ec3e2dbff12022-01-05 09:22:59.409root 11241100x80000000000000006865178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.409{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2961430d1c17ceca2022-01-05 09:22:59.409root 11241100x80000000000000006865179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.409{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbb7316515498e82022-01-05 09:22:59.409root 11241100x80000000000000006865180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.409{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee743229887cee22022-01-05 09:22:59.409root 11241100x80000000000000006865181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.409{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a33b53ebdd4c97c2022-01-05 09:22:59.409root 11241100x80000000000000006865182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.409{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718bfcad7d5d20782022-01-05 09:22:59.409root 11241100x80000000000000006865183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479b32eba59dced82022-01-05 09:22:59.710root 11241100x80000000000000006865184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5718975615f616032022-01-05 09:22:59.710root 11241100x80000000000000006865185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0132f35b44f0672022-01-05 09:22:59.710root 11241100x80000000000000006865186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fc8c50b161615b2022-01-05 09:22:59.710root 11241100x80000000000000006865187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fbe0d7c7a6fe432022-01-05 09:22:59.710root 11241100x80000000000000006865188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b99af4e019462c2022-01-05 09:22:59.710root 11241100x80000000000000006865189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842d1e66626b1af92022-01-05 09:22:59.710root 11241100x80000000000000006865190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504d2ded820b99872022-01-05 09:22:59.711root 11241100x80000000000000006865191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8643b6291c007d2022-01-05 09:22:59.711root 11241100x80000000000000006865192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cc8d4e3ba0d34b2022-01-05 09:22:59.711root 11241100x80000000000000006865193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b88f88c0d54a532022-01-05 09:22:59.711root 11241100x80000000000000006865194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285a6b7726cceaa32022-01-05 09:22:59.711root 11241100x80000000000000006865195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e039da5c914e30762022-01-05 09:22:59.711root 11241100x80000000000000006865196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37db951afe6b6912022-01-05 09:22:59.711root 11241100x80000000000000006865197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ea23e16e6c31272022-01-05 09:22:59.711root 11241100x80000000000000006865198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc65b8b0ed783b72022-01-05 09:22:59.711root 11241100x80000000000000006865199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648468940ef333842022-01-05 09:22:59.711root 11241100x80000000000000006865200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2334597f79abf85c2022-01-05 09:22:59.711root 11241100x80000000000000006865201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e19b1b26e4076242022-01-05 09:22:59.711root 11241100x80000000000000006865202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f683dda153dcf9ee2022-01-05 09:22:59.711root 11241100x80000000000000006865203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901f81ba44aebea12022-01-05 09:22:59.712root 11241100x80000000000000006865204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ac3c53542cc1a22022-01-05 09:22:59.712root 11241100x80000000000000006865205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543396e829be3cc82022-01-05 09:22:59.712root 11241100x80000000000000006865206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff6e23f64083e302022-01-05 09:22:59.712root 11241100x80000000000000006865207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d5c025219a56722022-01-05 09:22:59.712root 11241100x80000000000000006865208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231dcb6856910d0c2022-01-05 09:22:59.712root 11241100x80000000000000006865209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55456a61db0d88dd2022-01-05 09:22:59.712root 11241100x80000000000000006865210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a50cd499bf3b34b2022-01-05 09:22:59.712root 11241100x80000000000000006865211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb9ec68b838f0bc2022-01-05 09:22:59.712root 11241100x80000000000000006865212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1226a7c9720e71a02022-01-05 09:22:59.712root 11241100x80000000000000006865213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b40c8111557dac02022-01-05 09:22:59.712root 11241100x80000000000000006865214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed61e6e1d5f0b9912022-01-05 09:22:59.712root 11241100x80000000000000006865215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae2b8a14f29667a2022-01-05 09:22:59.712root 11241100x80000000000000006865216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aeda562392db6cb2022-01-05 09:22:59.712root 11241100x80000000000000006865217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179c7899ea1b12892022-01-05 09:22:59.712root 11241100x80000000000000006865218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6612345eb610162022-01-05 09:22:59.712root 11241100x80000000000000006865219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217eb5c3e36223bd2022-01-05 09:22:59.713root 11241100x80000000000000006865220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:22:59.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622b8b76086589aa2022-01-05 09:22:59.713root 11241100x80000000000000006865221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775a9fc3cf866b912022-01-05 09:23:00.209root 11241100x80000000000000006865222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00411871f8c9a7b2022-01-05 09:23:00.209root 11241100x80000000000000006865223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12e412da3c92e2c2022-01-05 09:23:00.210root 11241100x80000000000000006865224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31d26d4dc5e1c5e2022-01-05 09:23:00.210root 11241100x80000000000000006865225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7459da1da4cf14972022-01-05 09:23:00.210root 11241100x80000000000000006865226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caa4a2be5b606042022-01-05 09:23:00.210root 11241100x80000000000000006865227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3191bbdcd855f67d2022-01-05 09:23:00.210root 11241100x80000000000000006865228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095b1f9ac2508a572022-01-05 09:23:00.210root 11241100x80000000000000006865229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afd939eff0771952022-01-05 09:23:00.210root 11241100x80000000000000006865230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51ea770ec91c2b92022-01-05 09:23:00.210root 11241100x80000000000000006865231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee51cc99971e3b72022-01-05 09:23:00.210root 11241100x80000000000000006865232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145d53215bcbaac22022-01-05 09:23:00.211root 11241100x80000000000000006865233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414330d8611e60d82022-01-05 09:23:00.211root 11241100x80000000000000006865234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82c356f350d11b52022-01-05 09:23:00.211root 11241100x80000000000000006865235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776538ea7c97db902022-01-05 09:23:00.211root 11241100x80000000000000006865236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ff550d3c19acd92022-01-05 09:23:00.211root 11241100x80000000000000006865237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2e8191619a58232022-01-05 09:23:00.211root 11241100x80000000000000006865238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72effec5e90aae52022-01-05 09:23:00.211root 11241100x80000000000000006865239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a539603c5ac423ad2022-01-05 09:23:00.211root 11241100x80000000000000006865240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c030cb552b20a912022-01-05 09:23:00.211root 11241100x80000000000000006865241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23f88d970207e1f2022-01-05 09:23:00.211root 11241100x80000000000000006865242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d84ab6fa786c662022-01-05 09:23:00.211root 11241100x80000000000000006865243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf0dc37b158f2ca2022-01-05 09:23:00.212root 11241100x80000000000000006865244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2950db9f2c2d342022-01-05 09:23:00.212root 11241100x80000000000000006865245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226ce8d1f3656c882022-01-05 09:23:00.212root 11241100x80000000000000006865246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bef5efad27cc2a72022-01-05 09:23:00.212root 11241100x80000000000000006865247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad41e2df15b6b5792022-01-05 09:23:00.212root 11241100x80000000000000006865248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac66db3bff2eb7b2022-01-05 09:23:00.212root 11241100x80000000000000006865249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2958f59cfccb078e2022-01-05 09:23:00.212root 11241100x80000000000000006865250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae4d95d13b02d0d2022-01-05 09:23:00.212root 11241100x80000000000000006865251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3acfc6e90c064472022-01-05 09:23:00.212root 11241100x80000000000000006865252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9b697f084a57e82022-01-05 09:23:00.212root 11241100x80000000000000006865253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ca8239f8e295442022-01-05 09:23:00.212root 11241100x80000000000000006865254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341f946458f40c892022-01-05 09:23:00.213root 11241100x80000000000000006865255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4a136d017fa9e92022-01-05 09:23:00.213root 11241100x80000000000000006865256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574a3f56ad8feeb72022-01-05 09:23:00.213root 11241100x80000000000000006865257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4148ead6f18aeba42022-01-05 09:23:00.213root 11241100x80000000000000006865258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77943676a17c0782022-01-05 09:23:00.213root 11241100x80000000000000006865259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0495fd9ec655682022-01-05 09:23:00.213root 11241100x80000000000000006865260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7c36dc34ec63ec2022-01-05 09:23:00.213root 11241100x80000000000000006865261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f11b55867a34612022-01-05 09:23:00.213root 11241100x80000000000000006865262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fce868fbbef0c72022-01-05 09:23:00.213root 11241100x80000000000000006865263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f0f1d9fc5374e92022-01-05 09:23:00.213root 11241100x80000000000000006865264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d69c5cdd0f3eb832022-01-05 09:23:00.215root 11241100x80000000000000006865265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ab24123315e7952022-01-05 09:23:00.215root 11241100x80000000000000006865266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44d9e595b53963762022-01-05 09:23:00.215root 11241100x80000000000000006865267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6ef75f8bce83622022-01-05 09:23:00.215root 11241100x80000000000000006865268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeca25d798ca3cdf2022-01-05 09:23:00.215root 11241100x80000000000000006865269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4818e984c7112de2022-01-05 09:23:00.215root 11241100x80000000000000006865270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b699e9f70f176542022-01-05 09:23:00.215root 11241100x80000000000000006865271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebf997dc311605e2022-01-05 09:23:00.216root 11241100x80000000000000006865272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5d5c50442ce8e22022-01-05 09:23:00.216root 11241100x80000000000000006865273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a824238b8e5f7272022-01-05 09:23:00.216root 11241100x80000000000000006865274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943aebd0b6284d802022-01-05 09:23:00.709root 11241100x80000000000000006865275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd914d2d369d947f2022-01-05 09:23:00.710root 11241100x80000000000000006865276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58660cc23bada6762022-01-05 09:23:00.710root 11241100x80000000000000006865277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabdd7c95fb134e22022-01-05 09:23:00.710root 11241100x80000000000000006865278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b116e0e0851daaf42022-01-05 09:23:00.710root 11241100x80000000000000006865279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddaf535900a23ef2022-01-05 09:23:00.710root 11241100x80000000000000006865280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851658376b950fb52022-01-05 09:23:00.710root 11241100x80000000000000006865281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bade47e8555aa42022-01-05 09:23:00.710root 11241100x80000000000000006865282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e05f3eabf5f05c32022-01-05 09:23:00.710root 11241100x80000000000000006865283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83382387ac689f52022-01-05 09:23:00.711root 11241100x80000000000000006865284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4be292d83a76f72022-01-05 09:23:00.711root 11241100x80000000000000006865285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a957eadb96f4102022-01-05 09:23:00.711root 11241100x80000000000000006865286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8af5ee868545172022-01-05 09:23:00.711root 11241100x80000000000000006865287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f13d742acf23692022-01-05 09:23:00.711root 11241100x80000000000000006865288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb8b532a6ba5d912022-01-05 09:23:00.711root 154100x80000000000000006865328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:08.854{ec2e79f3-637c-61d5-6834-454515560000}22949/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 534500x80000000000000006865329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:08.864{ec2e79f3-637c-61d5-6834-454515560000}22949/bin/psroot 11241100x80000000000000006865330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:09.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdd0f19d39613de2022-01-05 09:23:09.209root 11241100x80000000000000006865331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:09.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5565a9e94704362022-01-05 09:23:09.209root 354300x80000000000000006865332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:09.235{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40762-false10.0.1.12-8000- 11241100x80000000000000006865333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:09.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1227a764e6966b72022-01-05 09:23:09.709root 11241100x80000000000000006865334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:09.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82d1b7e932ed1202022-01-05 09:23:09.709root 11241100x80000000000000006865335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:09.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e12765bc4b248eb2022-01-05 09:23:09.709root 11241100x80000000000000006865336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:10.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfde3f4ddd0ec66a2022-01-05 09:23:10.209root 11241100x80000000000000006865337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:10.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743cfe5c19b876312022-01-05 09:23:10.209root 11241100x80000000000000006865338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:10.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c775f1ed508a3b2022-01-05 09:23:10.209root 11241100x80000000000000006865339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe49173b357698fd2022-01-05 09:23:10.709root 11241100x80000000000000006865340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1e01be5e5650822022-01-05 09:23:10.709root 11241100x80000000000000006865341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c39c2a639908eb02022-01-05 09:23:10.709root 11241100x80000000000000006865342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:11.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a2914c265236472022-01-05 09:23:11.209root 11241100x80000000000000006865343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:11.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30af6a28ef4525782022-01-05 09:23:11.209root 11241100x80000000000000006865344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:11.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bef89c0d493afe22022-01-05 09:23:11.209root 11241100x80000000000000006865345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa2bbd91cad21ed2022-01-05 09:23:11.709root 11241100x80000000000000006865346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1283a2fd29b815c2022-01-05 09:23:11.709root 11241100x80000000000000006865347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d710a07b484a05d2022-01-05 09:23:11.709root 11241100x80000000000000006865348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:12.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d064e2ab99255ee62022-01-05 09:23:12.209root 11241100x80000000000000006865349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:12.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a115a38dc72d4f302022-01-05 09:23:12.209root 11241100x80000000000000006865350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:12.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb2e1038371cd542022-01-05 09:23:12.209root 11241100x80000000000000006865351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:12.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7e09d3f78781462022-01-05 09:23:12.709root 11241100x80000000000000006865352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:12.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91702130667dd87e2022-01-05 09:23:12.709root 11241100x80000000000000006865353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:12.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564db84a296d82a12022-01-05 09:23:12.709root 11241100x80000000000000006865354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:13.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fabf0eec0dd6422022-01-05 09:23:13.209root 11241100x80000000000000006865355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:13.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3952c23cbaa0022022-01-05 09:23:13.209root 11241100x80000000000000006865356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:13.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd7c7c5a6d82eba2022-01-05 09:23:13.209root 11241100x80000000000000006865357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d86039a40c8d8c52022-01-05 09:23:13.709root 11241100x80000000000000006865358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a4ed789b7cb10d2022-01-05 09:23:13.709root 11241100x80000000000000006865359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae67ff9422195772022-01-05 09:23:13.709root 11241100x80000000000000006865360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:14.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7d849c19cb84eb2022-01-05 09:23:14.209root 11241100x80000000000000006865361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:14.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4456be06ed525f2022-01-05 09:23:14.209root 11241100x80000000000000006865362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:14.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7f9f36d50c54842022-01-05 09:23:14.209root 11241100x80000000000000006865363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7498cddf77bb7642022-01-05 09:23:14.710root 11241100x80000000000000006865364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa3788b1ab9caa02022-01-05 09:23:14.710root 11241100x80000000000000006865365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035248075b0ba6c22022-01-05 09:23:14.710root 354300x80000000000000006865366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:15.099{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40764-false10.0.1.12-8000- 11241100x80000000000000006865367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:15.100{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d9438279d8dc4c2022-01-05 09:23:15.100root 11241100x80000000000000006865368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:15.100{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6dd33c82dec9db2022-01-05 09:23:15.100root 11241100x80000000000000006865369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:15.100{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7e0ed99bf9fa6f2022-01-05 09:23:15.100root 11241100x80000000000000006865370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:15.100{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bbecdc0cc4da2f2022-01-05 09:23:15.100root 11241100x80000000000000006865371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b9c92f1cf3f2c42022-01-05 09:23:15.459root 11241100x80000000000000006865372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42243e4120b94a882022-01-05 09:23:15.459root 11241100x80000000000000006865373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92a53e6d42d6e122022-01-05 09:23:15.459root 11241100x80000000000000006865374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af293cb2aba912342022-01-05 09:23:15.459root 11241100x80000000000000006865375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4cb2ab34a57f9f2022-01-05 09:23:15.959root 11241100x80000000000000006865376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a09ac957d9d2a3a2022-01-05 09:23:15.959root 11241100x80000000000000006865377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8f6c6343aaff8c2022-01-05 09:23:15.959root 11241100x80000000000000006865378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36df05ea0240181c2022-01-05 09:23:15.959root 11241100x80000000000000006865379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06924c52d9344ec82022-01-05 09:23:16.459root 11241100x80000000000000006865380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4a6565ec52b9e62022-01-05 09:23:16.459root 11241100x80000000000000006865381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e125ce84fa11a4d2022-01-05 09:23:16.459root 11241100x80000000000000006865382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925312b8b60029b02022-01-05 09:23:16.459root 11241100x80000000000000006865383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf642200057309f52022-01-05 09:23:16.959root 11241100x80000000000000006865384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7172eafaa17b6d92022-01-05 09:23:16.959root 11241100x80000000000000006865385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d39477738c8c3372022-01-05 09:23:16.959root 11241100x80000000000000006865386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ee1525f0cf268d2022-01-05 09:23:16.959root 11241100x80000000000000006865387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d005607aec68d92022-01-05 09:23:17.459root 11241100x80000000000000006865388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5faf2329e5d03e2022-01-05 09:23:17.459root 11241100x80000000000000006865389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041aebd15abc04002022-01-05 09:23:17.459root 11241100x80000000000000006865390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1fe59ed15cd5b22022-01-05 09:23:17.459root 11241100x80000000000000006865391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00e39a7ad4a1f402022-01-05 09:23:17.959root 11241100x80000000000000006865392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37e1b6986b192202022-01-05 09:23:17.959root 11241100x80000000000000006865393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa157f65e83e97cc2022-01-05 09:23:17.959root 11241100x80000000000000006865394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3dd830a92eb76412022-01-05 09:23:17.959root 11241100x80000000000000006865395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0c4ff5f7eb271f2022-01-05 09:23:18.459root 11241100x80000000000000006865396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c1324250b1a3b02022-01-05 09:23:18.459root 11241100x80000000000000006865397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a03e51af67c1902022-01-05 09:23:18.459root 11241100x80000000000000006865398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08c1d573f5a83632022-01-05 09:23:18.459root 11241100x80000000000000006865399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf762bda40761252022-01-05 09:23:18.959root 11241100x80000000000000006865400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0443a2fe06d3295f2022-01-05 09:23:18.959root 11241100x80000000000000006865401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc05fbb73618c9c2022-01-05 09:23:18.959root 11241100x80000000000000006865402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:23:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559bb07e3a3fc3812022-01-05 09:23:18.959root