11241100x80000000000000006857657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfbac25e666df572022-01-05 09:18:19.460root 11241100x80000000000000006857658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3d3bba3b8c7ff42022-01-05 09:18:19.460root 11241100x80000000000000006857659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fb6862e5d7a5332022-01-05 09:18:19.460root 11241100x80000000000000006857660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64298a9bf17e55462022-01-05 09:18:19.460root 11241100x80000000000000006857661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b739ab42672f01322022-01-05 09:18:19.461root 11241100x80000000000000006857662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93a569ab5ebefaf2022-01-05 09:18:19.461root 11241100x80000000000000006857663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296f13aaad2b668c2022-01-05 09:18:19.461root 11241100x80000000000000006857664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f95cd7d258b8042022-01-05 09:18:19.462root 11241100x80000000000000006857665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6f3fbe947707112022-01-05 09:18:19.462root 11241100x80000000000000006857666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0f249fd9e027c62022-01-05 09:18:19.462root 11241100x80000000000000006857667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283dc4d371066f0a2022-01-05 09:18:19.463root 11241100x80000000000000006857668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4052bca653a9f212022-01-05 09:18:19.464root 11241100x80000000000000006857669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ab21823ea638242022-01-05 09:18:19.465root 11241100x80000000000000006857670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9a1481d7b6148a2022-01-05 09:18:19.465root 11241100x80000000000000006857671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f87350c561ffa12022-01-05 09:18:19.467root 11241100x80000000000000006857672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e898ab52a578a7622022-01-05 09:18:19.467root 11241100x80000000000000006857673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4e11ae60de4a5e2022-01-05 09:18:19.467root 11241100x80000000000000006857674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd99b416c6303ffb2022-01-05 09:18:19.467root 11241100x80000000000000006857675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae7c8a79bb76bb32022-01-05 09:18:19.959root 11241100x80000000000000006857676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c82cd2eadc0a2aa2022-01-05 09:18:19.960root 11241100x80000000000000006857677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74336322f65460222022-01-05 09:18:19.960root 11241100x80000000000000006857678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fc030db2e2cb6e2022-01-05 09:18:19.960root 11241100x80000000000000006857679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e95a3d96cb79f172022-01-05 09:18:19.960root 11241100x80000000000000006857680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a75cc18ef7accee2022-01-05 09:18:19.961root 11241100x80000000000000006857681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14f0d5daef0c2cb2022-01-05 09:18:19.961root 11241100x80000000000000006857682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a74d2bceb91fbc2022-01-05 09:18:19.961root 11241100x80000000000000006857683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa9520fe1e0c49c2022-01-05 09:18:19.961root 11241100x80000000000000006857684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533f31dc18fd76582022-01-05 09:18:19.961root 11241100x80000000000000006857685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cdaff745260d282022-01-05 09:18:19.962root 11241100x80000000000000006857686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59d94aae2a8d8502022-01-05 09:18:19.962root 11241100x80000000000000006857687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf4c73e0846e9182022-01-05 09:18:19.962root 11241100x80000000000000006857688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d5d2860889f0572022-01-05 09:18:19.962root 11241100x80000000000000006857689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e675fe6b34dc6a202022-01-05 09:18:19.962root 11241100x80000000000000006857690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2ff3d14a49aa832022-01-05 09:18:19.962root 11241100x80000000000000006857691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462e164baf7709562022-01-05 09:18:19.962root 11241100x80000000000000006857692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6339adb9304109ad2022-01-05 09:18:19.962root 11241100x80000000000000006857693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d43f30d10d32e732022-01-05 09:18:20.462root 11241100x80000000000000006857694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa974cfcc5678ad2022-01-05 09:18:20.462root 11241100x80000000000000006857695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed27b59c30639bd2022-01-05 09:18:20.462root 11241100x80000000000000006857696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270915462933bf8d2022-01-05 09:18:20.463root 11241100x80000000000000006857697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf36c833aaf05b72022-01-05 09:18:20.463root 11241100x80000000000000006857698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2dcd152a745cbca2022-01-05 09:18:20.463root 11241100x80000000000000006857699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303fad0fd94133d62022-01-05 09:18:20.463root 11241100x80000000000000006857700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3809c776e2d741482022-01-05 09:18:20.463root 11241100x80000000000000006857701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172b83f95e68046f2022-01-05 09:18:20.463root 11241100x80000000000000006857702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd750f2b06fca2492022-01-05 09:18:20.463root 11241100x80000000000000006857703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5e751b040643292022-01-05 09:18:20.463root 11241100x80000000000000006857704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df34cd0aebcf655b2022-01-05 09:18:20.463root 11241100x80000000000000006857705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfdf517665494412022-01-05 09:18:20.463root 11241100x80000000000000006857706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060fee89b72a7b202022-01-05 09:18:20.463root 11241100x80000000000000006857707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828c3e063cc7afa32022-01-05 09:18:20.463root 11241100x80000000000000006857708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503360cb1a7632882022-01-05 09:18:20.464root 11241100x80000000000000006857709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7111957ded474da52022-01-05 09:18:20.464root 11241100x80000000000000006857710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638413f9b1fcea932022-01-05 09:18:20.464root 11241100x80000000000000006857711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da3acce2c92e1262022-01-05 09:18:20.960root 11241100x80000000000000006857712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0450ef2bf75113fc2022-01-05 09:18:20.960root 11241100x80000000000000006857713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78192dd3703da7332022-01-05 09:18:20.960root 11241100x80000000000000006857714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4d0eebc680d1372022-01-05 09:18:20.960root 11241100x80000000000000006857715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67a6967ded549e92022-01-05 09:18:20.960root 11241100x80000000000000006857716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f9d6afd498bccd2022-01-05 09:18:20.960root 11241100x80000000000000006857717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90562c28208470352022-01-05 09:18:20.961root 11241100x80000000000000006857718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4018f3d4cc4537f2022-01-05 09:18:20.961root 11241100x80000000000000006857719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720e305a97c27c3c2022-01-05 09:18:20.961root 11241100x80000000000000006857720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf7bafeb0c4d0592022-01-05 09:18:20.961root 11241100x80000000000000006857721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281ccf515e7f52602022-01-05 09:18:20.961root 11241100x80000000000000006857722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fd77fece158ba32022-01-05 09:18:20.961root 11241100x80000000000000006857723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a656ae57fb3383502022-01-05 09:18:20.961root 11241100x80000000000000006857724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1507efc704d0983f2022-01-05 09:18:20.962root 11241100x80000000000000006857725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09cbbd5df2b694e2022-01-05 09:18:20.962root 11241100x80000000000000006857726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c0c0d09c6ddf1a2022-01-05 09:18:20.962root 11241100x80000000000000006857727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f4479fc10706732022-01-05 09:18:20.962root 11241100x80000000000000006857728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:20.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64c16d320acfa132022-01-05 09:18:20.962root 11241100x80000000000000006857729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0933cbc5d14690d12022-01-05 09:18:21.460root 11241100x80000000000000006857730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242bf3ed2a4376142022-01-05 09:18:21.460root 11241100x80000000000000006857731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d548dfaeaad5f032022-01-05 09:18:21.460root 11241100x80000000000000006857732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20973b225b73b99e2022-01-05 09:18:21.460root 11241100x80000000000000006857733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a422c6db8334bb312022-01-05 09:18:21.460root 11241100x80000000000000006857734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875b8fc6634b88782022-01-05 09:18:21.460root 11241100x80000000000000006857735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8f916a4385ed5a2022-01-05 09:18:21.460root 11241100x80000000000000006857736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba2d97618e745bf2022-01-05 09:18:21.460root 11241100x80000000000000006857737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd73d98c7b892162022-01-05 09:18:21.460root 11241100x80000000000000006857738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8902adb11e426c42022-01-05 09:18:21.461root 11241100x80000000000000006857739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895ed069957d52b22022-01-05 09:18:21.461root 11241100x80000000000000006857740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18fc824fa631b502022-01-05 09:18:21.461root 11241100x80000000000000006857741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50167f0a3bbba9162022-01-05 09:18:21.461root 11241100x80000000000000006857742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc721093cf096452022-01-05 09:18:21.461root 11241100x80000000000000006857743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b712e73939a5ff2022-01-05 09:18:21.461root 11241100x80000000000000006857744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f084fb63bb5873f72022-01-05 09:18:21.461root 11241100x80000000000000006857745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2c95166a4061982022-01-05 09:18:21.462root 11241100x80000000000000006857746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a009163ff4fdc42022-01-05 09:18:21.462root 11241100x80000000000000006857747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29221f9020fd25692022-01-05 09:18:21.959root 11241100x80000000000000006857748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b2af7a022bd8572022-01-05 09:18:21.959root 11241100x80000000000000006857749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a46a9342150d192022-01-05 09:18:21.959root 11241100x80000000000000006857750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cd54584e5a4a0a2022-01-05 09:18:21.959root 11241100x80000000000000006857751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64b12ab113a13882022-01-05 09:18:21.960root 11241100x80000000000000006857752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219e59c4c79199a92022-01-05 09:18:21.960root 11241100x80000000000000006857753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da9cee91b51c66d2022-01-05 09:18:21.960root 11241100x80000000000000006857754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaacabd15ae1ae72022-01-05 09:18:21.960root 11241100x80000000000000006857755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd11faac51e07a682022-01-05 09:18:21.960root 11241100x80000000000000006857756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2884b25356625b2022-01-05 09:18:21.960root 11241100x80000000000000006857757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad65fa88261b0ce2022-01-05 09:18:21.960root 11241100x80000000000000006857758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467979199c05cf5b2022-01-05 09:18:21.960root 11241100x80000000000000006857759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eda3713caa5510f2022-01-05 09:18:21.961root 11241100x80000000000000006857760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faba47454d0a3bc12022-01-05 09:18:21.961root 11241100x80000000000000006857761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05245f06ba2ae852022-01-05 09:18:21.961root 11241100x80000000000000006857762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ca676bd99850642022-01-05 09:18:21.961root 11241100x80000000000000006857763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c596264c0e98a0b32022-01-05 09:18:21.961root 11241100x80000000000000006857764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da88021e32ece14c2022-01-05 09:18:21.961root 354300x80000000000000006857765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.175{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40648-false10.0.1.12-8000- 11241100x80000000000000006857766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124135ff8ffa08b02022-01-05 09:18:22.459root 11241100x80000000000000006857767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804c4e7bbd7218692022-01-05 09:18:22.459root 11241100x80000000000000006857768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8276ab4c7c5169c2022-01-05 09:18:22.459root 11241100x80000000000000006857769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6efd7e90073b1eb2022-01-05 09:18:22.459root 11241100x80000000000000006857770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4853a1a07780092022-01-05 09:18:22.460root 11241100x80000000000000006857771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6e81914fa8d3452022-01-05 09:18:22.460root 11241100x80000000000000006857772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc17d946b7f2de42022-01-05 09:18:22.460root 11241100x80000000000000006857773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b9a78e4df1ecc12022-01-05 09:18:22.460root 11241100x80000000000000006857774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142d9338a68ef7992022-01-05 09:18:22.460root 11241100x80000000000000006857775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a6a7f54a0eaf9a2022-01-05 09:18:22.460root 11241100x80000000000000006857776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f145cce391e5532022-01-05 09:18:22.461root 11241100x80000000000000006857777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7cb850706cdc622022-01-05 09:18:22.461root 11241100x80000000000000006857778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2898e6f79e303c8c2022-01-05 09:18:22.461root 11241100x80000000000000006857779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b0d69a8aec89f32022-01-05 09:18:22.461root 11241100x80000000000000006857780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710fe118a233a4e62022-01-05 09:18:22.461root 11241100x80000000000000006857781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3b90ece348b6502022-01-05 09:18:22.461root 11241100x80000000000000006857782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd793a6ba8ea6f52022-01-05 09:18:22.461root 11241100x80000000000000006857783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b8ef3d2237b6dd2022-01-05 09:18:22.461root 11241100x80000000000000006857784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb3910ab10555da2022-01-05 09:18:22.462root 11241100x80000000000000006857785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ac9d932a2b94ed2022-01-05 09:18:22.959root 11241100x80000000000000006857786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ab8815eb35be532022-01-05 09:18:22.960root 11241100x80000000000000006857787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c90cf362ceee672022-01-05 09:18:22.960root 11241100x80000000000000006857788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47505060c7bd92b72022-01-05 09:18:22.961root 11241100x80000000000000006857789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99f8e9711b52e382022-01-05 09:18:22.961root 11241100x80000000000000006857790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4deacf1f3b88ea2022-01-05 09:18:22.961root 11241100x80000000000000006857791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7233fd81e3c4062022-01-05 09:18:22.961root 11241100x80000000000000006857792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755877ad32adcc822022-01-05 09:18:22.961root 11241100x80000000000000006857793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c83fa33decdd0d2022-01-05 09:18:22.962root 11241100x80000000000000006857794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa6460ba0d96f882022-01-05 09:18:22.962root 11241100x80000000000000006857795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd011aa4e9efcc892022-01-05 09:18:22.962root 11241100x80000000000000006857796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fd3d1c21b0ef712022-01-05 09:18:22.962root 11241100x80000000000000006857797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8faaa565cab46b02022-01-05 09:18:22.962root 11241100x80000000000000006857798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3512f8c30511842022-01-05 09:18:22.962root 11241100x80000000000000006857799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e398a75beaa06912022-01-05 09:18:22.962root 11241100x80000000000000006857800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3f38ef470bae452022-01-05 09:18:22.963root 11241100x80000000000000006857801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2436afbddb1cd3b2022-01-05 09:18:22.963root 11241100x80000000000000006857802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86ead844ef341f52022-01-05 09:18:22.963root 11241100x80000000000000006857803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:22.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4fa13e1da57a772022-01-05 09:18:22.963root 11241100x80000000000000006857804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9e0ac34ba1eedb2022-01-05 09:18:23.460root 11241100x80000000000000006857805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57f099d7ee4efd92022-01-05 09:18:23.460root 11241100x80000000000000006857806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355dd8f8d0012a2c2022-01-05 09:18:23.460root 11241100x80000000000000006857807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfd03127d2521092022-01-05 09:18:23.460root 11241100x80000000000000006857808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3945d49123ff98382022-01-05 09:18:23.461root 11241100x80000000000000006857809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b598dd18a198b5e2022-01-05 09:18:23.461root 11241100x80000000000000006857810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff934e1e847de882022-01-05 09:18:23.461root 11241100x80000000000000006857811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ccfb8bf0ee34092022-01-05 09:18:23.461root 11241100x80000000000000006857812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94785836f13bcbb42022-01-05 09:18:23.462root 11241100x80000000000000006857813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36267231d38da2b02022-01-05 09:18:23.462root 11241100x80000000000000006857814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafbf1406b456f802022-01-05 09:18:23.462root 11241100x80000000000000006857815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a3a4201ce68a342022-01-05 09:18:23.462root 11241100x80000000000000006857816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccebd0982b181d222022-01-05 09:18:23.462root 11241100x80000000000000006857817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475cabc0ccdf2c932022-01-05 09:18:23.463root 11241100x80000000000000006857818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a735fbfd2d28a0a42022-01-05 09:18:23.463root 11241100x80000000000000006857819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a42c9f7d0e11232022-01-05 09:18:23.463root 11241100x80000000000000006857820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7d6611167d8cf92022-01-05 09:18:23.463root 11241100x80000000000000006857821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626852e0ff689b842022-01-05 09:18:23.463root 11241100x80000000000000006857822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b94bbb9f5899e12022-01-05 09:18:23.463root 11241100x80000000000000006857823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383cf1918b97285c2022-01-05 09:18:23.960root 11241100x80000000000000006857824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca97455acedb79542022-01-05 09:18:23.960root 11241100x80000000000000006857825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a83ffd6fc8133102022-01-05 09:18:23.960root 11241100x80000000000000006857826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a7e6ba623d97e22022-01-05 09:18:23.960root 11241100x80000000000000006857827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571e571d3da5efe92022-01-05 09:18:23.960root 11241100x80000000000000006857828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091588e0cf604de62022-01-05 09:18:23.960root 11241100x80000000000000006857829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca005a3a357701922022-01-05 09:18:23.960root 11241100x80000000000000006857830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470558e0254b962b2022-01-05 09:18:23.960root 11241100x80000000000000006857831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ea9ed161b93eb02022-01-05 09:18:23.961root 11241100x80000000000000006857832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc98410df8c24032022-01-05 09:18:23.961root 11241100x80000000000000006857833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28837a0c0642841c2022-01-05 09:18:23.961root 11241100x80000000000000006857834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6599b419e603d22022-01-05 09:18:23.961root 11241100x80000000000000006857835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909b63ceff3207602022-01-05 09:18:23.961root 11241100x80000000000000006857836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9fc3bcf78ddb102022-01-05 09:18:23.961root 11241100x80000000000000006857837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b7cf71602667822022-01-05 09:18:23.961root 11241100x80000000000000006857838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4b6b820def25622022-01-05 09:18:23.961root 11241100x80000000000000006857839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb3993b085981512022-01-05 09:18:23.961root 11241100x80000000000000006857840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e9da0bbc88ca682022-01-05 09:18:23.961root 11241100x80000000000000006857841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf6587c91a12e4f2022-01-05 09:18:23.961root 11241100x80000000000000006857842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2391530767517c572022-01-05 09:18:24.460root 11241100x80000000000000006857843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef30180da446f1e2022-01-05 09:18:24.460root 11241100x80000000000000006857844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2f1de80e77416f2022-01-05 09:18:24.460root 11241100x80000000000000006857845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e615cca6f0de89112022-01-05 09:18:24.460root 11241100x80000000000000006857846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7f0fc701e2480e2022-01-05 09:18:24.460root 11241100x80000000000000006857847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfa86244b6bf6c62022-01-05 09:18:24.460root 11241100x80000000000000006857848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d50c5eb50d8f7882022-01-05 09:18:24.460root 11241100x80000000000000006857849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e7ec3be659cd3e2022-01-05 09:18:24.460root 11241100x80000000000000006857850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec42504e291cb8a2022-01-05 09:18:24.460root 11241100x80000000000000006857851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f046e760cc0566ff2022-01-05 09:18:24.460root 11241100x80000000000000006857852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90c294d1e43b76d2022-01-05 09:18:24.461root 11241100x80000000000000006857853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723f20558d57b5122022-01-05 09:18:24.461root 11241100x80000000000000006857854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f19fe2091743642022-01-05 09:18:24.461root 11241100x80000000000000006857855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e71f243ad717a12022-01-05 09:18:24.461root 11241100x80000000000000006857856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d2a048d5f336d02022-01-05 09:18:24.461root 11241100x80000000000000006857857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c5ccdd50afe0d42022-01-05 09:18:24.461root 11241100x80000000000000006857858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a5980e9bb029f32022-01-05 09:18:24.462root 11241100x80000000000000006857859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b83acb685da9742022-01-05 09:18:24.462root 11241100x80000000000000006857860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b63fdf90b52f3382022-01-05 09:18:24.462root 11241100x80000000000000006857861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc2d5e455458a012022-01-05 09:18:24.960root 11241100x80000000000000006857862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd1557955e59af42022-01-05 09:18:24.960root 11241100x80000000000000006857863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60a0e952e0f98a12022-01-05 09:18:24.960root 11241100x80000000000000006857864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112b9fec092939df2022-01-05 09:18:24.960root 11241100x80000000000000006857865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374a8a82317e3df22022-01-05 09:18:24.960root 11241100x80000000000000006857866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832eb0b9c47ccd2b2022-01-05 09:18:24.960root 11241100x80000000000000006857867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ad3cb073b483fd2022-01-05 09:18:24.961root 11241100x80000000000000006857868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a8d8297dafbf782022-01-05 09:18:24.961root 11241100x80000000000000006857869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292f4f8b5753cf262022-01-05 09:18:24.961root 11241100x80000000000000006857870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04099dbb55e464b92022-01-05 09:18:24.961root 11241100x80000000000000006857871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd86b99ce9bf98f72022-01-05 09:18:24.961root 11241100x80000000000000006857872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e5dc617bd50c0a2022-01-05 09:18:24.961root 11241100x80000000000000006857873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c812f28320dec74e2022-01-05 09:18:24.961root 11241100x80000000000000006857874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fd28fe88e5c8a42022-01-05 09:18:24.961root 11241100x80000000000000006857875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dce9a2ebdfba46d2022-01-05 09:18:24.962root 11241100x80000000000000006857876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87431d337dc40102022-01-05 09:18:24.962root 11241100x80000000000000006857877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccd00aa1351c5992022-01-05 09:18:24.962root 11241100x80000000000000006857878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33e51fe7bb2fa8f2022-01-05 09:18:24.962root 11241100x80000000000000006857879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:24.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f109bbff577f252022-01-05 09:18:24.962root 11241100x80000000000000006857880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd940812884e6312022-01-05 09:18:25.459root 11241100x80000000000000006857881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4455ee5e6f9a58852022-01-05 09:18:25.460root 11241100x80000000000000006857882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b1f3d8de9b63cb2022-01-05 09:18:25.460root 11241100x80000000000000006857883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b1ef94c4a7a6c52022-01-05 09:18:25.460root 11241100x80000000000000006857884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c89b649cd7005e2022-01-05 09:18:25.460root 11241100x80000000000000006857885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5180bbc8d7ee50062022-01-05 09:18:25.460root 11241100x80000000000000006857886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15cbddcfd3fa44ba2022-01-05 09:18:25.460root 11241100x80000000000000006857887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f022fbf642fa352022-01-05 09:18:25.460root 11241100x80000000000000006857888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f81a444fcacf582022-01-05 09:18:25.461root 11241100x80000000000000006857889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce90bc2d017df6d92022-01-05 09:18:25.461root 11241100x80000000000000006857890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56567503f525806e2022-01-05 09:18:25.461root 11241100x80000000000000006857891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0baed34446ae37562022-01-05 09:18:25.461root 11241100x80000000000000006857892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d1bb01e1f309342022-01-05 09:18:25.461root 11241100x80000000000000006857893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d627a42fd3784862022-01-05 09:18:25.461root 11241100x80000000000000006857894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253df75d73a980a42022-01-05 09:18:25.462root 11241100x80000000000000006857895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef689fd85b09fa4a2022-01-05 09:18:25.462root 11241100x80000000000000006857896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ec9328163db2382022-01-05 09:18:25.462root 11241100x80000000000000006857897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a3c5af505324692022-01-05 09:18:25.462root 11241100x80000000000000006857898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18bafd1ea9a61ff2022-01-05 09:18:25.462root 11241100x80000000000000006857899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e206f6a87227230b2022-01-05 09:18:25.960root 11241100x80000000000000006857900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df48453d3c12c1b2022-01-05 09:18:25.960root 11241100x80000000000000006857901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3c2438c09763e92022-01-05 09:18:25.960root 11241100x80000000000000006857902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f534cb89146feb2022-01-05 09:18:25.960root 11241100x80000000000000006857903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4a745764789d682022-01-05 09:18:25.960root 11241100x80000000000000006857904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79867beb436b86672022-01-05 09:18:25.960root 11241100x80000000000000006857905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c82cb8a0ff6120e2022-01-05 09:18:25.960root 11241100x80000000000000006857906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931f54db9c4dd2072022-01-05 09:18:25.961root 11241100x80000000000000006857907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d77d05aa623b78e2022-01-05 09:18:25.961root 11241100x80000000000000006857908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44dae4acc0902c102022-01-05 09:18:25.961root 11241100x80000000000000006857909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd18b844c478d662022-01-05 09:18:25.961root 11241100x80000000000000006857910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20eb423adecfe752022-01-05 09:18:25.961root 11241100x80000000000000006857911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1582e0c555fe6f2022-01-05 09:18:25.961root 11241100x80000000000000006857912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa05df1b4abf43042022-01-05 09:18:25.961root 11241100x80000000000000006857913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df9dc95d2b415c22022-01-05 09:18:25.961root 11241100x80000000000000006857914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fed6c11636035642022-01-05 09:18:25.961root 11241100x80000000000000006857915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a97e1bf3b5e9672022-01-05 09:18:25.963root 11241100x80000000000000006857916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754e22558393bd8d2022-01-05 09:18:25.963root 11241100x80000000000000006857917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:25.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f00f42f63b99c3b2022-01-05 09:18:25.963root 11241100x80000000000000006857918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea3a0774648f7352022-01-05 09:18:26.459root 11241100x80000000000000006857919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe4176add9f55cb2022-01-05 09:18:26.459root 11241100x80000000000000006857920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9403be9ef2eb2d712022-01-05 09:18:26.460root 11241100x80000000000000006857921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5111d83e226a8002022-01-05 09:18:26.460root 11241100x80000000000000006857922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787718a57acce9ef2022-01-05 09:18:26.460root 11241100x80000000000000006857923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7950997a76835fa92022-01-05 09:18:26.460root 11241100x80000000000000006857924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff962bd0f2b9a93a2022-01-05 09:18:26.460root 11241100x80000000000000006857925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab5915c6fbead912022-01-05 09:18:26.461root 11241100x80000000000000006857926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c98d577aad703c2022-01-05 09:18:26.461root 11241100x80000000000000006857927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e4a39a7e919c742022-01-05 09:18:26.461root 11241100x80000000000000006857928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b781df3a17f6be612022-01-05 09:18:26.461root 11241100x80000000000000006857929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edb19ebe4e61fe12022-01-05 09:18:26.461root 11241100x80000000000000006857930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9abae4ccd85e6c22022-01-05 09:18:26.461root 11241100x80000000000000006857931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ff4d6e07eee6b12022-01-05 09:18:26.462root 11241100x80000000000000006857932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93fd5bd713a2ece2022-01-05 09:18:26.462root 11241100x80000000000000006857933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbac4dd20bb966b82022-01-05 09:18:26.462root 11241100x80000000000000006857934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395dda73b25886182022-01-05 09:18:26.462root 11241100x80000000000000006857935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9ca044b3f80ac52022-01-05 09:18:26.463root 11241100x80000000000000006857936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33770f2746ed2a322022-01-05 09:18:26.463root 11241100x80000000000000006857937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cb1b5e64446bb82022-01-05 09:18:26.959root 11241100x80000000000000006857938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647095e142124ec32022-01-05 09:18:26.960root 11241100x80000000000000006857939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1346e97fe8341fd2022-01-05 09:18:26.960root 11241100x80000000000000006857940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6610706c0f9352542022-01-05 09:18:26.961root 11241100x80000000000000006857941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9746ce570a320a42022-01-05 09:18:26.961root 11241100x80000000000000006857942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d0a2b4bbc693112022-01-05 09:18:26.961root 11241100x80000000000000006857943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7194b8775ef163cb2022-01-05 09:18:26.961root 11241100x80000000000000006857944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad78d26da00b85622022-01-05 09:18:26.961root 11241100x80000000000000006857945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b336a3a00f0d1b2022-01-05 09:18:26.961root 11241100x80000000000000006857946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e203214e52a8d4ae2022-01-05 09:18:26.961root 11241100x80000000000000006857947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360f6138c0066f272022-01-05 09:18:26.962root 11241100x80000000000000006857948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b053f1c56a51c12022-01-05 09:18:26.962root 11241100x80000000000000006857949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f001f820a627e4752022-01-05 09:18:26.962root 11241100x80000000000000006857950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32087ba3d266e7c42022-01-05 09:18:26.962root 11241100x80000000000000006857951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6c2756989518412022-01-05 09:18:26.963root 11241100x80000000000000006857952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432be9b79b67c2312022-01-05 09:18:26.963root 11241100x80000000000000006857953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e203699684a796c2022-01-05 09:18:26.963root 11241100x80000000000000006857954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368e5d6136cedfd22022-01-05 09:18:26.963root 11241100x80000000000000006857955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:26.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc8fa6063b4ad122022-01-05 09:18:26.964root 354300x80000000000000006857956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.237{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40650-false10.0.1.12-8000- 11241100x80000000000000006857957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87a7f3eca330fad2022-01-05 09:18:27.238root 11241100x80000000000000006857958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519d871290bf15312022-01-05 09:18:27.238root 11241100x80000000000000006857959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d906504504009f592022-01-05 09:18:27.238root 11241100x80000000000000006857960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3aaf52d417a0432022-01-05 09:18:27.238root 11241100x80000000000000006857961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc925da073868d512022-01-05 09:18:27.238root 11241100x80000000000000006857962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.238{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abd9c79a5afa7542022-01-05 09:18:27.238root 11241100x80000000000000006857963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7eccc7072d735d2022-01-05 09:18:27.239root 11241100x80000000000000006857964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddafba287f59a2f2022-01-05 09:18:27.239root 11241100x80000000000000006857965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058e51158ee67cf52022-01-05 09:18:27.239root 11241100x80000000000000006857966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cbd0cf0c6822822022-01-05 09:18:27.239root 11241100x80000000000000006857967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081ae4b5ac7624df2022-01-05 09:18:27.239root 11241100x80000000000000006857968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.239{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67674bad333b52f82022-01-05 09:18:27.239root 11241100x80000000000000006857969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83df099492b00f42022-01-05 09:18:27.240root 11241100x80000000000000006857970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5da8519b388ae4c2022-01-05 09:18:27.240root 11241100x80000000000000006857971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6c497ab0b192102022-01-05 09:18:27.240root 11241100x80000000000000006857972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ade9c9f5cace582022-01-05 09:18:27.240root 11241100x80000000000000006857973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd27dc8e91aec29b2022-01-05 09:18:27.240root 11241100x80000000000000006857974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef22f0da31cafe72022-01-05 09:18:27.240root 11241100x80000000000000006857975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.240{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0efc4e638790b82022-01-05 09:18:27.240root 11241100x80000000000000006857976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.241{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed763beae8fef0e2022-01-05 09:18:27.241root 11241100x80000000000000006857977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37b1e7f847dce7c2022-01-05 09:18:27.709root 11241100x80000000000000006857978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41854c4c56a3fd192022-01-05 09:18:27.709root 11241100x80000000000000006857979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a2bb8a29f3187e2022-01-05 09:18:27.710root 11241100x80000000000000006857980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26b0b4fc2f8fbe42022-01-05 09:18:27.710root 11241100x80000000000000006857981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9f3efe36d16c6d2022-01-05 09:18:27.710root 11241100x80000000000000006857982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6eb5e7deecfc1712022-01-05 09:18:27.710root 11241100x80000000000000006857983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39c8b6e641668122022-01-05 09:18:27.710root 11241100x80000000000000006857984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23eae37ca3efa5fb2022-01-05 09:18:27.710root 11241100x80000000000000006857985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb29ccd4b3e97752022-01-05 09:18:27.711root 11241100x80000000000000006857986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6aca8219fc24d72022-01-05 09:18:27.711root 11241100x80000000000000006857987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed288a222e4064c2022-01-05 09:18:27.711root 11241100x80000000000000006857988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b02683f2080c8282022-01-05 09:18:27.711root 11241100x80000000000000006857989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc897f5aa64ee9d02022-01-05 09:18:27.711root 11241100x80000000000000006857990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d737ab72d17a1a2022-01-05 09:18:27.711root 11241100x80000000000000006857991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778e11eaf88ced402022-01-05 09:18:27.712root 11241100x80000000000000006857992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a324896d3e9200b2022-01-05 09:18:27.712root 11241100x80000000000000006857993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f576e189727040f02022-01-05 09:18:27.712root 11241100x80000000000000006857994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852fc5aa6ba5dec62022-01-05 09:18:27.712root 11241100x80000000000000006857995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9c81b4db1bdefe2022-01-05 09:18:27.712root 11241100x80000000000000006857996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:27.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf368012336c35fc2022-01-05 09:18:27.713root 11241100x80000000000000006857997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd64445dc347ca02022-01-05 09:18:28.210root 11241100x80000000000000006857998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a66526f2bb931c2022-01-05 09:18:28.210root 11241100x80000000000000006857999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdf144f7693b13d2022-01-05 09:18:28.210root 11241100x80000000000000006858000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1711fd00f330852022-01-05 09:18:28.210root 11241100x80000000000000006858001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75eedecd029127ab2022-01-05 09:18:28.210root 11241100x80000000000000006858002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f319ab1879e5e12022-01-05 09:18:28.211root 11241100x80000000000000006858003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be9309fe9bc6ca02022-01-05 09:18:28.211root 11241100x80000000000000006858004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc49a80384fdf322022-01-05 09:18:28.211root 11241100x80000000000000006858005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505d439fd10e827b2022-01-05 09:18:28.211root 11241100x80000000000000006858006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab63ebcf6c0bc19f2022-01-05 09:18:28.211root 11241100x80000000000000006858007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f9fb21076f282f2022-01-05 09:18:28.211root 11241100x80000000000000006858008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759e42d0b9a042372022-01-05 09:18:28.212root 11241100x80000000000000006858009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ee905b1dc56b532022-01-05 09:18:28.212root 11241100x80000000000000006858010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa433e13430f0da2022-01-05 09:18:28.212root 11241100x80000000000000006858011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76e5dd900550ade2022-01-05 09:18:28.212root 11241100x80000000000000006858012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b840400b44f8c3f2022-01-05 09:18:28.213root 11241100x80000000000000006858013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffff97c56afd8ac42022-01-05 09:18:28.213root 11241100x80000000000000006858014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a43aa04bb4e1842022-01-05 09:18:28.213root 11241100x80000000000000006858015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f804e4001e434562022-01-05 09:18:28.213root 11241100x80000000000000006858016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91697066711e1fa2022-01-05 09:18:28.213root 11241100x80000000000000006858017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb29c7f94dad4f632022-01-05 09:18:28.709root 11241100x80000000000000006858018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d160ee329483ca2022-01-05 09:18:28.709root 11241100x80000000000000006858019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d60ec6418e83362022-01-05 09:18:28.710root 11241100x80000000000000006858020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2b8379302d2f0f2022-01-05 09:18:28.710root 11241100x80000000000000006858021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e55d28b9b9b06ea2022-01-05 09:18:28.710root 11241100x80000000000000006858022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605bee7ddb8f6aeb2022-01-05 09:18:28.710root 11241100x80000000000000006858023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2169e41b07f3f2342022-01-05 09:18:28.710root 11241100x80000000000000006858024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d3315889d2718f2022-01-05 09:18:28.710root 11241100x80000000000000006858025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e5cf799dfb65002022-01-05 09:18:28.711root 11241100x80000000000000006858026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43a6a6e553f01802022-01-05 09:18:28.711root 11241100x80000000000000006858027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569824ff1a214ed82022-01-05 09:18:28.711root 11241100x80000000000000006858028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6fb14f1c721dd62022-01-05 09:18:28.711root 11241100x80000000000000006858029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b028a13ca2629d72022-01-05 09:18:28.711root 11241100x80000000000000006858030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d029e1cd49ef93822022-01-05 09:18:28.712root 11241100x80000000000000006858031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d74795a29c40f7f2022-01-05 09:18:28.712root 11241100x80000000000000006858032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f489abcaa1f542b2022-01-05 09:18:28.712root 11241100x80000000000000006858033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd67c02578fdebcb2022-01-05 09:18:28.712root 11241100x80000000000000006858034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3d7738c489eaa32022-01-05 09:18:28.712root 11241100x80000000000000006858035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99def31060504cd22022-01-05 09:18:28.712root 11241100x80000000000000006858036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:28.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c7bbc4953864202022-01-05 09:18:28.713root 11241100x80000000000000006858037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094d81f8ea88bdb82022-01-05 09:18:29.209root 11241100x80000000000000006858038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4499f71e49142aa02022-01-05 09:18:29.209root 11241100x80000000000000006858039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b450600149073b2b2022-01-05 09:18:29.209root 11241100x80000000000000006858040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7177c9fe084d657e2022-01-05 09:18:29.210root 11241100x80000000000000006858041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d704fa9aa4b2bec02022-01-05 09:18:29.210root 11241100x80000000000000006858042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e508a0a0b33cf62022-01-05 09:18:29.210root 11241100x80000000000000006858043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313451169e3fb5e82022-01-05 09:18:29.210root 11241100x80000000000000006858044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba4c5141e46dcb22022-01-05 09:18:29.210root 11241100x80000000000000006858045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d31d2b91e1d4562022-01-05 09:18:29.210root 11241100x80000000000000006858046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8083eb4fc101b98d2022-01-05 09:18:29.211root 11241100x80000000000000006858047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457c13269de2c48a2022-01-05 09:18:29.211root 11241100x80000000000000006858048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c1f7757aa6920a2022-01-05 09:18:29.211root 11241100x80000000000000006858049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a75f8b969631eb62022-01-05 09:18:29.211root 11241100x80000000000000006858050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9a49cc03dd52082022-01-05 09:18:29.212root 11241100x80000000000000006858051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b12e323c95976e42022-01-05 09:18:29.212root 11241100x80000000000000006858052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9e7beb81f7e0cb2022-01-05 09:18:29.212root 11241100x80000000000000006858053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2012eadb37eeef2022-01-05 09:18:29.213root 11241100x80000000000000006858054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2491c438f849bb402022-01-05 09:18:29.214root 11241100x80000000000000006858055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e1f023ad49e31a2022-01-05 09:18:29.214root 11241100x80000000000000006858056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d2a9a9ac50303f2022-01-05 09:18:29.214root 11241100x80000000000000006858057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.402{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 09:18:29.402root 11241100x80000000000000006858058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e29f67b44d389512022-01-05 09:18:29.710root 11241100x80000000000000006858059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9466dee605fb23512022-01-05 09:18:29.710root 11241100x80000000000000006858060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd90a54624d773b2022-01-05 09:18:29.710root 11241100x80000000000000006858061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c1002c30959fcb2022-01-05 09:18:29.710root 11241100x80000000000000006858062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3066863fe117ba2022-01-05 09:18:29.710root 11241100x80000000000000006858063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8575825c24feac22022-01-05 09:18:29.710root 11241100x80000000000000006858064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f7fd9fefd07ed12022-01-05 09:18:29.710root 11241100x80000000000000006858065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2fae26414d5f232022-01-05 09:18:29.710root 11241100x80000000000000006858066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5ce3d14f122b412022-01-05 09:18:29.710root 11241100x80000000000000006858067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e1ffd0957787062022-01-05 09:18:29.711root 11241100x80000000000000006858068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81523ce203f9d3182022-01-05 09:18:29.711root 11241100x80000000000000006858069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeaef91d28703ee12022-01-05 09:18:29.711root 11241100x80000000000000006858070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6354259361c5fc1d2022-01-05 09:18:29.711root 11241100x80000000000000006858071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55bfc6925e1147a2022-01-05 09:18:29.711root 11241100x80000000000000006858072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a71828dce846f2f2022-01-05 09:18:29.711root 11241100x80000000000000006858073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da13a81c5a69e2c2022-01-05 09:18:29.711root 11241100x80000000000000006858074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef88d8e292a46f72022-01-05 09:18:29.711root 11241100x80000000000000006858075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a301005f29f589dd2022-01-05 09:18:29.712root 11241100x80000000000000006858076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f70df6d0a9a87012022-01-05 09:18:29.712root 11241100x80000000000000006858077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1132ba82ad63ee62022-01-05 09:18:29.712root 11241100x80000000000000006858078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede23a6b75ffaa4e2022-01-05 09:18:29.713root 11241100x80000000000000006858079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857f9bff66ec68832022-01-05 09:18:30.210root 11241100x80000000000000006858080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cadfe825546e972022-01-05 09:18:30.210root 11241100x80000000000000006858081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3871660797375d6e2022-01-05 09:18:30.210root 11241100x80000000000000006858082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8adada9961596f52022-01-05 09:18:30.210root 11241100x80000000000000006858083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e58c0f19ef95a92022-01-05 09:18:30.211root 11241100x80000000000000006858084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02316340fa6fb4bc2022-01-05 09:18:30.211root 11241100x80000000000000006858085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83604637d97da4022022-01-05 09:18:30.211root 11241100x80000000000000006858086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0363045e4b096be62022-01-05 09:18:30.211root 11241100x80000000000000006858087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18acf324c133781b2022-01-05 09:18:30.211root 11241100x80000000000000006858088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efe3c70aa2036062022-01-05 09:18:30.211root 11241100x80000000000000006858089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d86086b95262edb2022-01-05 09:18:30.212root 11241100x80000000000000006858090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecdd0fb185c42992022-01-05 09:18:30.212root 11241100x80000000000000006858091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137f98e04fe3edb12022-01-05 09:18:30.212root 11241100x80000000000000006858092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56aee373262c038d2022-01-05 09:18:30.212root 11241100x80000000000000006858093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8085e4d80c25036f2022-01-05 09:18:30.213root 11241100x80000000000000006858094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f64503302a4a9d12022-01-05 09:18:30.214root 11241100x80000000000000006858095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b98684a595a0022022-01-05 09:18:30.214root 11241100x80000000000000006858096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db127a8a907f5032022-01-05 09:18:30.214root 11241100x80000000000000006858097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46579e4112c3e20a2022-01-05 09:18:30.215root 11241100x80000000000000006858098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b7336f5394b7a62022-01-05 09:18:30.215root 11241100x80000000000000006858099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee4e1d7103cdee32022-01-05 09:18:30.216root 11241100x80000000000000006858100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9810105101ad5c12022-01-05 09:18:30.710root 11241100x80000000000000006858101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37398a2f33d014d22022-01-05 09:18:30.710root 11241100x80000000000000006858102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f14fd1b57c53042022-01-05 09:18:30.710root 11241100x80000000000000006858103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ce84656bf85ccd2022-01-05 09:18:30.710root 11241100x80000000000000006858104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39de1b0cb5c002852022-01-05 09:18:30.710root 11241100x80000000000000006858105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e173bbd91839b31e2022-01-05 09:18:30.710root 11241100x80000000000000006858106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5a2a2d2132a0072022-01-05 09:18:30.711root 11241100x80000000000000006858107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d3dfb6f9a779092022-01-05 09:18:30.711root 11241100x80000000000000006858108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5154a830527631d2022-01-05 09:18:30.711root 11241100x80000000000000006858109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c4f7d26f8179552022-01-05 09:18:30.711root 11241100x80000000000000006858110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3633cec3e72f842022-01-05 09:18:30.711root 11241100x80000000000000006858111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5cd75d12c34c7a2022-01-05 09:18:30.711root 11241100x80000000000000006858112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d4191245b837142022-01-05 09:18:30.711root 11241100x80000000000000006858113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00df310520ea7cc02022-01-05 09:18:30.711root 11241100x80000000000000006858114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432f2760e22d95862022-01-05 09:18:30.712root 11241100x80000000000000006858115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5275fa90996c17bb2022-01-05 09:18:30.712root 11241100x80000000000000006858116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae834b343d6938b2022-01-05 09:18:30.712root 11241100x80000000000000006858117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35117dacdec7509e2022-01-05 09:18:30.712root 11241100x80000000000000006858118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bceef606060446102022-01-05 09:18:30.712root 11241100x80000000000000006858119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ea290881f750972022-01-05 09:18:30.712root 11241100x80000000000000006858120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12b4b35c58d72222022-01-05 09:18:30.712root 11241100x80000000000000006858121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a546af28d98e6632022-01-05 09:18:31.210root 11241100x80000000000000006858122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d800216ad8f85fe02022-01-05 09:18:31.210root 11241100x80000000000000006858123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55b43403ffe8c012022-01-05 09:18:31.210root 11241100x80000000000000006858124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a457ce21291d8612022-01-05 09:18:31.210root 11241100x80000000000000006858125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb7ace8605bc9cd2022-01-05 09:18:31.210root 11241100x80000000000000006858126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2e0670a4b3aae02022-01-05 09:18:31.210root 11241100x80000000000000006858127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c0ef6cc251a24a2022-01-05 09:18:31.210root 11241100x80000000000000006858128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6245b96f576962f2022-01-05 09:18:31.211root 11241100x80000000000000006858129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a827333517c2a7b2022-01-05 09:18:31.211root 11241100x80000000000000006858130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef6771d2c2056ce2022-01-05 09:18:31.211root 11241100x80000000000000006858131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2929e69149984bd2022-01-05 09:18:31.211root 11241100x80000000000000006858132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007990f22d86a03c2022-01-05 09:18:31.211root 11241100x80000000000000006858133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b454843ed1a4d2f72022-01-05 09:18:31.211root 11241100x80000000000000006858134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34533ff872940d512022-01-05 09:18:31.211root 11241100x80000000000000006858135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d686bbb47f9533612022-01-05 09:18:31.211root 11241100x80000000000000006858136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c845d3e200eb77142022-01-05 09:18:31.211root 11241100x80000000000000006858137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2445d7a05c0a412022-01-05 09:18:31.211root 11241100x80000000000000006858138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0a0687f54f946d2022-01-05 09:18:31.212root 11241100x80000000000000006858139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5dda708f8ab404f2022-01-05 09:18:31.212root 11241100x80000000000000006858140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9534fdede0b06dd42022-01-05 09:18:31.212root 11241100x80000000000000006858141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e34d9640e829852022-01-05 09:18:31.212root 11241100x80000000000000006858142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a805ab54c8c7c22022-01-05 09:18:31.710root 11241100x80000000000000006858143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4b5e10823004732022-01-05 09:18:31.710root 11241100x80000000000000006858144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5da65fc807f15072022-01-05 09:18:31.710root 11241100x80000000000000006858145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30aabfb61469535b2022-01-05 09:18:31.710root 11241100x80000000000000006858146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9fa6052cc976b62022-01-05 09:18:31.710root 11241100x80000000000000006858147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0e5b04fa77a6772022-01-05 09:18:31.710root 11241100x80000000000000006858148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261ef9be63f5ac0c2022-01-05 09:18:31.710root 11241100x80000000000000006858149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c484745c8fcc9c872022-01-05 09:18:31.711root 11241100x80000000000000006858150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ced3f4b608c0dfd2022-01-05 09:18:31.711root 11241100x80000000000000006858151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ab83fb566cc01b2022-01-05 09:18:31.711root 11241100x80000000000000006858152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3909750d2516d93b2022-01-05 09:18:31.711root 11241100x80000000000000006858153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868f279a358973652022-01-05 09:18:31.711root 11241100x80000000000000006858154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0837c35a1750982022-01-05 09:18:31.711root 11241100x80000000000000006858155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4586239f46356cfb2022-01-05 09:18:31.711root 11241100x80000000000000006858156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8dd906a266f37c02022-01-05 09:18:31.711root 11241100x80000000000000006858157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8524440c9b32742d2022-01-05 09:18:31.712root 11241100x80000000000000006858158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0b12fb293a18622022-01-05 09:18:31.712root 11241100x80000000000000006858159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9124e5b7a4255a422022-01-05 09:18:31.712root 11241100x80000000000000006858160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa43b398fefb32d2022-01-05 09:18:31.712root 11241100x80000000000000006858161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54eb2add8a34a5a2022-01-05 09:18:31.712root 11241100x80000000000000006858162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe358780f74e6712022-01-05 09:18:31.712root 11241100x80000000000000006858163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bebfd2f25d926f62022-01-05 09:18:32.210root 11241100x80000000000000006858164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92878d1d32df23a42022-01-05 09:18:32.210root 11241100x80000000000000006858165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80dee178fb7fa352022-01-05 09:18:32.210root 11241100x80000000000000006858166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e446446d3466a54a2022-01-05 09:18:32.210root 11241100x80000000000000006858167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7331f6d85562b522022-01-05 09:18:32.210root 11241100x80000000000000006858168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76929e5ae7a3dff72022-01-05 09:18:32.210root 11241100x80000000000000006858169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca74580f52ca381a2022-01-05 09:18:32.210root 11241100x80000000000000006858170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7502d3076e4de4332022-01-05 09:18:32.210root 11241100x80000000000000006858171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abebcf051858219f2022-01-05 09:18:32.210root 11241100x80000000000000006858172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206da319fa6220d02022-01-05 09:18:32.211root 11241100x80000000000000006858173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8074f0ea629608292022-01-05 09:18:32.211root 11241100x80000000000000006858174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca666cf8a463e6ad2022-01-05 09:18:32.211root 11241100x80000000000000006858175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe8abad1ba2e8fa2022-01-05 09:18:32.211root 11241100x80000000000000006858176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539caf186995aef32022-01-05 09:18:32.211root 11241100x80000000000000006858177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b72491288a00972022-01-05 09:18:32.211root 11241100x80000000000000006858178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c10b3662ab2b3a2022-01-05 09:18:32.211root 11241100x80000000000000006858179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f903ddabfecdaa92022-01-05 09:18:32.212root 11241100x80000000000000006858180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d6571403024d852022-01-05 09:18:32.212root 11241100x80000000000000006858181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76475a34251f50632022-01-05 09:18:32.212root 11241100x80000000000000006858182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c54283f26494412022-01-05 09:18:32.212root 11241100x80000000000000006858183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafe6f6c0911c7b02022-01-05 09:18:32.212root 23542300x80000000000000006858184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.403{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006858185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d47709422f9c66d2022-01-05 09:18:32.710root 11241100x80000000000000006858186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d53a20aa377e1162022-01-05 09:18:32.710root 11241100x80000000000000006858187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b939f8546e3ea6af2022-01-05 09:18:32.710root 11241100x80000000000000006858188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a511a6562d879a52022-01-05 09:18:32.710root 11241100x80000000000000006858189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f770534ba5c031992022-01-05 09:18:32.710root 11241100x80000000000000006858190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352279dd106dc3362022-01-05 09:18:32.710root 11241100x80000000000000006858191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31342466b0cd0b0f2022-01-05 09:18:32.710root 11241100x80000000000000006858192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f4b3c55d4f72f82022-01-05 09:18:32.710root 11241100x80000000000000006858193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07872be12817d3692022-01-05 09:18:32.711root 11241100x80000000000000006858194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfc6a358a4847c72022-01-05 09:18:32.711root 11241100x80000000000000006858195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955b409fb2077f262022-01-05 09:18:32.711root 11241100x80000000000000006858196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d559302c5f28552022-01-05 09:18:32.711root 11241100x80000000000000006858197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a693abe3c723f072022-01-05 09:18:32.711root 11241100x80000000000000006858198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f163920bedbcac2022-01-05 09:18:32.711root 11241100x80000000000000006858199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef662d7b8afe76672022-01-05 09:18:32.711root 11241100x80000000000000006858200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3dbedb0f4a29672022-01-05 09:18:32.711root 11241100x80000000000000006858201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e73842f1e9b0a912022-01-05 09:18:32.712root 11241100x80000000000000006858202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e0210a0d1aea042022-01-05 09:18:32.712root 11241100x80000000000000006858203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60dc6a91e739b9c02022-01-05 09:18:32.712root 11241100x80000000000000006858204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9800e17e5697462022-01-05 09:18:32.712root 11241100x80000000000000006858205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b0c5221808af562022-01-05 09:18:32.712root 11241100x80000000000000006858206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65011a698e5600382022-01-05 09:18:32.712root 354300x80000000000000006858207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.052{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40652-false10.0.1.12-8000- 11241100x80000000000000006858208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.052{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61315fbf898e12c02022-01-05 09:18:33.052root 11241100x80000000000000006858209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.052{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a9d2085a524b092022-01-05 09:18:33.052root 11241100x80000000000000006858210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.053{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c193413982571e02022-01-05 09:18:33.053root 11241100x80000000000000006858211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.053{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf428519290313652022-01-05 09:18:33.053root 11241100x80000000000000006858212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.053{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbab6e017e3f8e152022-01-05 09:18:33.053root 11241100x80000000000000006858213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.053{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc99082f483f753c2022-01-05 09:18:33.053root 11241100x80000000000000006858214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.053{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02120a913573dbe72022-01-05 09:18:33.053root 11241100x80000000000000006858215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.053{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090a3a4e7f6e27ae2022-01-05 09:18:33.053root 11241100x80000000000000006858216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.053{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a11eb429cbcfe7e2022-01-05 09:18:33.053root 11241100x80000000000000006858217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.053{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d26de46f1157602022-01-05 09:18:33.053root 11241100x80000000000000006858218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1acd6e36041eac2022-01-05 09:18:33.054root 11241100x80000000000000006858219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee5be8bee1f00ea2022-01-05 09:18:33.054root 11241100x80000000000000006858220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f8b1ef9186fff22022-01-05 09:18:33.054root 11241100x80000000000000006858221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d8d42e08868ffe2022-01-05 09:18:33.054root 11241100x80000000000000006858222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba18ad4f59c1f522022-01-05 09:18:33.054root 11241100x80000000000000006858223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a8ad4c3374f8e42022-01-05 09:18:33.054root 11241100x80000000000000006858224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0a302ac9166e662022-01-05 09:18:33.054root 11241100x80000000000000006858225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f065a52539b5f92022-01-05 09:18:33.054root 11241100x80000000000000006858226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40cdb1d1c52e9372022-01-05 09:18:33.054root 11241100x80000000000000006858227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.054{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474de3cc45f4443f2022-01-05 09:18:33.054root 11241100x80000000000000006858228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fff7e0458d862342022-01-05 09:18:33.055root 11241100x80000000000000006858229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4482bf9e39c90152022-01-05 09:18:33.055root 11241100x80000000000000006858230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156ee7f0ee82cfe32022-01-05 09:18:33.055root 11241100x80000000000000006858231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf984e076e46c7e2022-01-05 09:18:33.055root 11241100x80000000000000006858232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9831424e8d2bf5e12022-01-05 09:18:33.055root 11241100x80000000000000006858233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad57d69410c3d1a92022-01-05 09:18:33.055root 11241100x80000000000000006858234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7687fdb7f6940592022-01-05 09:18:33.055root 11241100x80000000000000006858235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fc607139a775c82022-01-05 09:18:33.055root 11241100x80000000000000006858236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.055{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b458818ce6bd3d32022-01-05 09:18:33.055root 11241100x80000000000000006858237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.056{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952c19db2ef2bf932022-01-05 09:18:33.056root 11241100x80000000000000006858238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.056{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231ddb18b29e4b492022-01-05 09:18:33.056root 11241100x80000000000000006858239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.056{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90835627bc099f7d2022-01-05 09:18:33.056root 11241100x80000000000000006858240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.056{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4fdc0f7c0462c32022-01-05 09:18:33.056root 11241100x80000000000000006858241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.058{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4b081334b1558a2022-01-05 09:18:33.058root 11241100x80000000000000006858242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.058{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172ecee5250cf1372022-01-05 09:18:33.058root 11241100x80000000000000006858243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.058{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd6ec5c41a300d32022-01-05 09:18:33.058root 354300x80000000000000006858244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.427{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-41134-false10.0.1.12-8089- 11241100x80000000000000006858245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.428{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295da6b7f84719ed2022-01-05 09:18:33.428root 11241100x80000000000000006858246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.428{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5989c0de6068cbe2022-01-05 09:18:33.428root 11241100x80000000000000006858247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.428{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56df3dcef73dd5c92022-01-05 09:18:33.428root 11241100x80000000000000006858248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.428{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965d9921e3c1182e2022-01-05 09:18:33.428root 11241100x80000000000000006858249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.428{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4350577dda4fb82022-01-05 09:18:33.428root 11241100x80000000000000006858250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.429{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ea3e45307a1bbe2022-01-05 09:18:33.429root 11241100x80000000000000006858251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.429{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b7b3e580a13af02022-01-05 09:18:33.429root 11241100x80000000000000006858252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.429{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae08c23e5a89c9d2022-01-05 09:18:33.429root 11241100x80000000000000006858253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.430{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c154c086e2780b412022-01-05 09:18:33.430root 11241100x80000000000000006858254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.430{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662f68a2d951b6e22022-01-05 09:18:33.430root 11241100x80000000000000006858255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.430{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff686e35161da892022-01-05 09:18:33.430root 11241100x80000000000000006858256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.430{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a46721683dbe5222022-01-05 09:18:33.430root 11241100x80000000000000006858257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.430{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f63d77f3d0499582022-01-05 09:18:33.430root 11241100x80000000000000006858258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.430{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f672911f8dc71bb62022-01-05 09:18:33.430root 11241100x80000000000000006858259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.431{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcde0287d6ce3f82022-01-05 09:18:33.431root 11241100x80000000000000006858260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.431{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd209e1a2df1d682022-01-05 09:18:33.431root 11241100x80000000000000006858261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.431{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faac2c1c387847162022-01-05 09:18:33.431root 11241100x80000000000000006858262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.431{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00a2306c6f429c12022-01-05 09:18:33.431root 11241100x80000000000000006858263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.432{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b67292e729cc0122022-01-05 09:18:33.432root 11241100x80000000000000006858264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.432{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c2f8cc987c99c92022-01-05 09:18:33.432root 11241100x80000000000000006858265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.432{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d48067cbd4b9a8c2022-01-05 09:18:33.432root 11241100x80000000000000006858266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.433{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e347ec38e235f8572022-01-05 09:18:33.433root 11241100x80000000000000006858267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.433{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616b21089497f8082022-01-05 09:18:33.433root 11241100x80000000000000006858268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.433{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d654d70cc6c24aa72022-01-05 09:18:33.433root 11241100x80000000000000006858269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.433{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966430d722629a3d2022-01-05 09:18:33.433root 11241100x80000000000000006858270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.433{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c54c3a1cd597e82022-01-05 09:18:33.433root 11241100x80000000000000006858271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.433{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9013c0465dd0f5572022-01-05 09:18:33.433root 11241100x80000000000000006858272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.433{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb9c4eca4825c302022-01-05 09:18:33.433root 11241100x80000000000000006858273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.433{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b543548ab8cd33a2022-01-05 09:18:33.433root 11241100x80000000000000006858274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b555db5a72955f092022-01-05 09:18:33.710root 11241100x80000000000000006858275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e3387295db25e12022-01-05 09:18:33.710root 11241100x80000000000000006858276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43fbc65377290912022-01-05 09:18:33.710root 11241100x80000000000000006858277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390f86da23e619a52022-01-05 09:18:33.710root 11241100x80000000000000006858278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa808ced1926ecf2022-01-05 09:18:33.710root 11241100x80000000000000006858279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e6f493a3dfcc892022-01-05 09:18:33.710root 11241100x80000000000000006858280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecc0e86e4aefb4a2022-01-05 09:18:33.710root 11241100x80000000000000006858281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acbfc4cf00670a42022-01-05 09:18:33.710root 11241100x80000000000000006858282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598f85b882ee83152022-01-05 09:18:33.711root 11241100x80000000000000006858283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4b9c13ad1a85bb2022-01-05 09:18:33.711root 11241100x80000000000000006858284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d42111d507362b2022-01-05 09:18:33.711root 11241100x80000000000000006858285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7d9a03bc51f59f2022-01-05 09:18:33.711root 11241100x80000000000000006858286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621c804162bef60f2022-01-05 09:18:33.711root 11241100x80000000000000006858287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2790f7a48328be2022-01-05 09:18:33.711root 11241100x80000000000000006858288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c960dcee71d83e2022-01-05 09:18:33.711root 11241100x80000000000000006858289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e42729bd2d6bbbf2022-01-05 09:18:33.711root 11241100x80000000000000006858290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018575a9c2acf3cd2022-01-05 09:18:33.711root 11241100x80000000000000006858291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20177385bd6a54df2022-01-05 09:18:33.711root 11241100x80000000000000006858292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3974ff82b3af32ea2022-01-05 09:18:33.711root 11241100x80000000000000006858293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb6f29cbba27e8f2022-01-05 09:18:33.711root 11241100x80000000000000006858294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00880678303bdd0b2022-01-05 09:18:33.711root 11241100x80000000000000006858295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af1b0e70d5b92e02022-01-05 09:18:33.712root 11241100x80000000000000006858296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296d4f34b99fd5e92022-01-05 09:18:33.712root 11241100x80000000000000006858297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25687b563eeb29862022-01-05 09:18:33.712root 11241100x80000000000000006858298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f19aa1e81c9fc5b2022-01-05 09:18:34.210root 11241100x80000000000000006858299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493b38c491eee9e12022-01-05 09:18:34.210root 11241100x80000000000000006858300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b16c24ed64e08c2022-01-05 09:18:34.210root 11241100x80000000000000006858301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c980390e09fdd22022-01-05 09:18:34.210root 11241100x80000000000000006858302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d31268f17b23152022-01-05 09:18:34.210root 11241100x80000000000000006858303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5b2b53d85859962022-01-05 09:18:34.210root 11241100x80000000000000006858304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c80751c3b7b40e52022-01-05 09:18:34.211root 11241100x80000000000000006858305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305a50499c52a4e42022-01-05 09:18:34.211root 11241100x80000000000000006858306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f17df351f8f8f92022-01-05 09:18:34.211root 11241100x80000000000000006858307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7a8c930bb595e02022-01-05 09:18:34.211root 11241100x80000000000000006858308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24910e29c7ab2a452022-01-05 09:18:34.211root 11241100x80000000000000006858309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caecded4964af13f2022-01-05 09:18:34.212root 11241100x80000000000000006858310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13134d37050eb3872022-01-05 09:18:34.212root 11241100x80000000000000006858311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cae8c38768224842022-01-05 09:18:34.212root 11241100x80000000000000006858312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a8316d817292a72022-01-05 09:18:34.212root 11241100x80000000000000006858313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554c3be695d0c10c2022-01-05 09:18:34.212root 11241100x80000000000000006858314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1edd4ed145482752022-01-05 09:18:34.213root 11241100x80000000000000006858315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5199356dc11b232022-01-05 09:18:34.213root 11241100x80000000000000006858316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c60b92425dd0c02022-01-05 09:18:34.213root 11241100x80000000000000006858317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50827f1d8d12e14e2022-01-05 09:18:34.213root 11241100x80000000000000006858318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdefbb6f35832c1b2022-01-05 09:18:34.213root 11241100x80000000000000006858319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c64c667520312a02022-01-05 09:18:34.213root 11241100x80000000000000006858320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4338d09ed8b2c4322022-01-05 09:18:34.214root 11241100x80000000000000006858321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1a1a0cd4532e502022-01-05 09:18:34.214root 11241100x80000000000000006858322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b781be76ef624f32022-01-05 09:18:34.710root 11241100x80000000000000006858323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ec0808d9934e8a2022-01-05 09:18:34.710root 11241100x80000000000000006858324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e8be0b4449aa702022-01-05 09:18:34.710root 11241100x80000000000000006858325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f6d7e5ec20ffb92022-01-05 09:18:34.710root 11241100x80000000000000006858326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac5af4b45a73b4c2022-01-05 09:18:34.710root 11241100x80000000000000006858327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0aa20d87193f3232022-01-05 09:18:34.711root 11241100x80000000000000006858328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02c59f7a9ea09ae2022-01-05 09:18:34.711root 11241100x80000000000000006858329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1d13699ad92bcb2022-01-05 09:18:34.711root 11241100x80000000000000006858330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d073e318d664f0412022-01-05 09:18:34.712root 11241100x80000000000000006858331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6abaa938128509b2022-01-05 09:18:34.712root 11241100x80000000000000006858332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2661ca5c67a3443c2022-01-05 09:18:34.712root 11241100x80000000000000006858333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc26ebe818a681b22022-01-05 09:18:34.712root 11241100x80000000000000006858334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e4745aa38a3ada2022-01-05 09:18:34.712root 11241100x80000000000000006858335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543ef6f78d6265cd2022-01-05 09:18:34.712root 11241100x80000000000000006858336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51099db6c0c33cc62022-01-05 09:18:34.712root 11241100x80000000000000006858337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3799fb2645054a2022-01-05 09:18:34.712root 11241100x80000000000000006858338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca9e31c306274892022-01-05 09:18:34.712root 11241100x80000000000000006858339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67477b160cae97b2022-01-05 09:18:34.713root 11241100x80000000000000006858340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21261993bff939a92022-01-05 09:18:34.713root 11241100x80000000000000006858341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52f7f6f395bb3bf2022-01-05 09:18:34.713root 11241100x80000000000000006858342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc7e76fa11ea4202022-01-05 09:18:34.713root 11241100x80000000000000006858343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6ab5acb00261162022-01-05 09:18:34.713root 11241100x80000000000000006858344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081285e915858b462022-01-05 09:18:34.713root 11241100x80000000000000006858345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:34.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718743a4f6f003bb2022-01-05 09:18:34.713root 11241100x80000000000000006858346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a168316209128fc92022-01-05 09:18:35.210root 11241100x80000000000000006858347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b674603cd81b5d2022-01-05 09:18:35.210root 11241100x80000000000000006858348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42501f24709481462022-01-05 09:18:35.210root 11241100x80000000000000006858349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451cf4e04e7a50a12022-01-05 09:18:35.210root 11241100x80000000000000006858350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb4d67db04b60e22022-01-05 09:18:35.210root 11241100x80000000000000006858351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94dafd79b8adcc72022-01-05 09:18:35.210root 11241100x80000000000000006858352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef77a4ebf3ddcde2022-01-05 09:18:35.210root 11241100x80000000000000006858353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c921d0f6873208972022-01-05 09:18:35.210root 11241100x80000000000000006858354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f554aece3499492022-01-05 09:18:35.210root 11241100x80000000000000006858355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1139917e377ab8652022-01-05 09:18:35.211root 11241100x80000000000000006858356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526bc894784f5c4e2022-01-05 09:18:35.211root 11241100x80000000000000006858357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4f6aa86cf3ba632022-01-05 09:18:35.211root 11241100x80000000000000006858358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90287b774fe0c12a2022-01-05 09:18:35.211root 11241100x80000000000000006858359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a1ef121094f6692022-01-05 09:18:35.211root 11241100x80000000000000006858360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6589985e3bcf43de2022-01-05 09:18:35.211root 11241100x80000000000000006858361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79eb4bd33d52c6122022-01-05 09:18:35.211root 11241100x80000000000000006858362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977f546cf7fc3b682022-01-05 09:18:35.211root 11241100x80000000000000006858363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1358e039f60dc6b22022-01-05 09:18:35.211root 11241100x80000000000000006858364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6adf8230d3ec5bc2022-01-05 09:18:35.211root 11241100x80000000000000006858365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590e1924c353a5082022-01-05 09:18:35.211root 11241100x80000000000000006858366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e53829d1525e382022-01-05 09:18:35.212root 11241100x80000000000000006858367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56034e9d190c04ed2022-01-05 09:18:35.212root 11241100x80000000000000006858368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f50ce41fd490b622022-01-05 09:18:35.212root 11241100x80000000000000006858369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d11ab971e28a67c2022-01-05 09:18:35.212root 11241100x80000000000000006858370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c186e8c1daf961272022-01-05 09:18:35.710root 11241100x80000000000000006858371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196d8e30d5c75a442022-01-05 09:18:35.710root 11241100x80000000000000006858372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700d69aae701993f2022-01-05 09:18:35.710root 11241100x80000000000000006858373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3f02450615fa9e2022-01-05 09:18:35.710root 11241100x80000000000000006858374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8398a49b5bbf16bf2022-01-05 09:18:35.710root 11241100x80000000000000006858375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4608b6ffc7c9b7a82022-01-05 09:18:35.710root 11241100x80000000000000006858376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0e12ca5f5bf3c02022-01-05 09:18:35.710root 11241100x80000000000000006858377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2dd8179febf6082022-01-05 09:18:35.710root 11241100x80000000000000006858378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fa5576b8d9918f2022-01-05 09:18:35.711root 11241100x80000000000000006858379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0870cda349e45a2022-01-05 09:18:35.711root 11241100x80000000000000006858380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c06731ed2d7e0682022-01-05 09:18:35.711root 11241100x80000000000000006858381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dadcec55cc02f92022-01-05 09:18:35.711root 11241100x80000000000000006858382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b27d1762e421c8f2022-01-05 09:18:35.711root 11241100x80000000000000006858383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc50f6c3ba8f029d2022-01-05 09:18:35.711root 11241100x80000000000000006858384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732ca55f5f371dd92022-01-05 09:18:35.711root 11241100x80000000000000006858385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b02d4e8aee5fe32022-01-05 09:18:35.711root 11241100x80000000000000006858386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf2a3dbc933154a2022-01-05 09:18:35.711root 11241100x80000000000000006858387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0ad698c6eee56b2022-01-05 09:18:35.711root 11241100x80000000000000006858388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b68fded4a839a052022-01-05 09:18:35.712root 11241100x80000000000000006858389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15df07057ca7db712022-01-05 09:18:35.712root 11241100x80000000000000006858390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864d03a1d583864e2022-01-05 09:18:35.712root 11241100x80000000000000006858391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e52bf77bafd72da2022-01-05 09:18:35.712root 11241100x80000000000000006858392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d54b384ba038ad2022-01-05 09:18:35.712root 11241100x80000000000000006858393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:35.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168b228487228c9e2022-01-05 09:18:35.712root 11241100x80000000000000006858394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb82ec86c253493a2022-01-05 09:18:36.210root 11241100x80000000000000006858395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf15874571217e292022-01-05 09:18:36.210root 11241100x80000000000000006858396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75de44b0c366941f2022-01-05 09:18:36.210root 11241100x80000000000000006858397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7000ff2a4f1fde82022-01-05 09:18:36.210root 11241100x80000000000000006858398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97543d52f28924e02022-01-05 09:18:36.210root 11241100x80000000000000006858399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4f867c51fe90eb2022-01-05 09:18:36.210root 11241100x80000000000000006858400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5012ea47bb53858b2022-01-05 09:18:36.210root 11241100x80000000000000006858401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd4b9e40235d1562022-01-05 09:18:36.210root 11241100x80000000000000006858402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e738d6c217fd77f2022-01-05 09:18:36.211root 11241100x80000000000000006858403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46775f98b06f1d512022-01-05 09:18:36.211root 11241100x80000000000000006858404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96555733a35572272022-01-05 09:18:36.211root 11241100x80000000000000006858405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7a2c7f9ef03ce82022-01-05 09:18:36.211root 11241100x80000000000000006858406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25afbfdfdba8a4ce2022-01-05 09:18:36.211root 11241100x80000000000000006858407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7825fb4a73531182022-01-05 09:18:36.211root 11241100x80000000000000006858408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177f5a2ad016ac662022-01-05 09:18:36.211root 11241100x80000000000000006858409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b9a7c92190bddd2022-01-05 09:18:36.211root 11241100x80000000000000006858410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e7c54486c9db722022-01-05 09:18:36.211root 11241100x80000000000000006858411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27e675bc48b7cb72022-01-05 09:18:36.211root 11241100x80000000000000006858412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c584236e7e73f1ba2022-01-05 09:18:36.212root 11241100x80000000000000006858413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9522e1e60f3e15152022-01-05 09:18:36.212root 11241100x80000000000000006858414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cd11bf67ce6f662022-01-05 09:18:36.212root 11241100x80000000000000006858415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62cf4686ca11a142022-01-05 09:18:36.212root 11241100x80000000000000006858416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96881b23a46b02272022-01-05 09:18:36.212root 11241100x80000000000000006858417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbc097e2fc0a3d12022-01-05 09:18:36.212root 11241100x80000000000000006858418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d3998e6c8348762022-01-05 09:18:36.710root 11241100x80000000000000006858419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934f46c0d77fb44f2022-01-05 09:18:36.710root 11241100x80000000000000006858420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbda4901c78b626a2022-01-05 09:18:36.710root 11241100x80000000000000006858421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f57214f9277b24e2022-01-05 09:18:36.710root 11241100x80000000000000006858422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c26c9ca479f20522022-01-05 09:18:36.710root 11241100x80000000000000006858423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21848ec74887f8ff2022-01-05 09:18:36.710root 11241100x80000000000000006858424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ea3789418c56962022-01-05 09:18:36.710root 11241100x80000000000000006858425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69db8f91673a0b0b2022-01-05 09:18:36.711root 11241100x80000000000000006858426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d7ec8b7bdfb1052022-01-05 09:18:36.711root 11241100x80000000000000006858427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9917b4c31914ef242022-01-05 09:18:36.711root 11241100x80000000000000006858428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38868340a0c83c062022-01-05 09:18:36.711root 11241100x80000000000000006858429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b27ba3c635b7e1f2022-01-05 09:18:36.711root 11241100x80000000000000006858430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9151778654c0e92022-01-05 09:18:36.711root 11241100x80000000000000006858431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65bd291a4794fd92022-01-05 09:18:36.711root 11241100x80000000000000006858432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724779f3353045fb2022-01-05 09:18:36.711root 11241100x80000000000000006858433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3948761a9daa4f12022-01-05 09:18:36.711root 11241100x80000000000000006858434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0e7611098a64aa2022-01-05 09:18:36.711root 11241100x80000000000000006858435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64231474ce75b53c2022-01-05 09:18:36.712root 11241100x80000000000000006858436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092c9972f5f7c8932022-01-05 09:18:36.712root 11241100x80000000000000006858437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ddd779b7d15a332022-01-05 09:18:36.712root 11241100x80000000000000006858438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88397377dd85dec2022-01-05 09:18:36.712root 11241100x80000000000000006858439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34bacc291ba0ad512022-01-05 09:18:36.712root 11241100x80000000000000006858440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa22f42fab8c7c042022-01-05 09:18:36.712root 11241100x80000000000000006858441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c1a87c8a11ad152022-01-05 09:18:36.712root 11241100x80000000000000006858442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e3f0242866ae372022-01-05 09:18:37.210root 11241100x80000000000000006858443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4af4dd0c4031a532022-01-05 09:18:37.210root 11241100x80000000000000006858444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a67e39a83a933212022-01-05 09:18:37.210root 11241100x80000000000000006858445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2e5bab4ef6115a2022-01-05 09:18:37.210root 11241100x80000000000000006858446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1baf3a34666916282022-01-05 09:18:37.210root 11241100x80000000000000006858447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df8854b258cb6c32022-01-05 09:18:37.210root 11241100x80000000000000006858448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85aace4a65b04f82022-01-05 09:18:37.210root 11241100x80000000000000006858449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79368ee0c37b170c2022-01-05 09:18:37.210root 11241100x80000000000000006858450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963bfaf068c27efb2022-01-05 09:18:37.211root 11241100x80000000000000006858451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ce0bf2a943694a2022-01-05 09:18:37.211root 11241100x80000000000000006858452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439518ed5a1014002022-01-05 09:18:37.211root 11241100x80000000000000006858453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf889b05193a26b2022-01-05 09:18:37.211root 11241100x80000000000000006858454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42fc26586b0fdb5e2022-01-05 09:18:37.211root 11241100x80000000000000006858455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85a20b9682078f82022-01-05 09:18:37.211root 11241100x80000000000000006858456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b3b20cdcd23c112022-01-05 09:18:37.211root 11241100x80000000000000006858457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e31c702786725672022-01-05 09:18:37.211root 11241100x80000000000000006858458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96ca64fc16862782022-01-05 09:18:37.211root 11241100x80000000000000006858459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77479353ad805d12022-01-05 09:18:37.211root 11241100x80000000000000006858460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7817f7583864dc832022-01-05 09:18:37.212root 11241100x80000000000000006858461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34449e4039cf463d2022-01-05 09:18:37.212root 11241100x80000000000000006858462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9bd98639f10ea22022-01-05 09:18:37.212root 11241100x80000000000000006858463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c08e62b8f182a5d2022-01-05 09:18:37.212root 11241100x80000000000000006858464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8a1fe9cbb25abc2022-01-05 09:18:37.212root 11241100x80000000000000006858465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65934398184242082022-01-05 09:18:37.212root 11241100x80000000000000006858466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff858a23a87ec192022-01-05 09:18:37.710root 11241100x80000000000000006858467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd6336b34d428162022-01-05 09:18:37.710root 11241100x80000000000000006858468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaba588549febb852022-01-05 09:18:37.710root 11241100x80000000000000006858469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54562907e4eb0fb32022-01-05 09:18:37.710root 11241100x80000000000000006858470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20668d538f4ec6f02022-01-05 09:18:37.710root 11241100x80000000000000006858471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2d39d68ce8d98b2022-01-05 09:18:37.710root 11241100x80000000000000006858472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937fdf1bcb4ef5ac2022-01-05 09:18:37.710root 11241100x80000000000000006858473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766893527eb90ee12022-01-05 09:18:37.710root 11241100x80000000000000006858474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb945dd641f003bc2022-01-05 09:18:37.711root 11241100x80000000000000006858475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98288381c7a4d6cd2022-01-05 09:18:37.711root 11241100x80000000000000006858476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493ea3ae58b78daf2022-01-05 09:18:37.711root 11241100x80000000000000006858477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9998d0e257d285a2022-01-05 09:18:37.711root 11241100x80000000000000006858478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872f045b6690b87c2022-01-05 09:18:37.711root 11241100x80000000000000006858479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9513a5d13a69a4e2022-01-05 09:18:37.711root 11241100x80000000000000006858480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c04fb731a366bbb2022-01-05 09:18:37.711root 11241100x80000000000000006858481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783d284fd820b89f2022-01-05 09:18:37.711root 11241100x80000000000000006858482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce274e529c7e0eb2022-01-05 09:18:37.711root 11241100x80000000000000006858483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d766d677559e1ed2022-01-05 09:18:37.711root 11241100x80000000000000006858484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73dc7d39563e69a2022-01-05 09:18:37.711root 11241100x80000000000000006858485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da8d1edd11f2b422022-01-05 09:18:37.711root 11241100x80000000000000006858486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a22d0afd978be92022-01-05 09:18:37.712root 11241100x80000000000000006858487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ef51e0a9a3d08a2022-01-05 09:18:37.712root 11241100x80000000000000006858488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfcd50069a89ed52022-01-05 09:18:37.712root 11241100x80000000000000006858489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:37.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2637211c4cecbae72022-01-05 09:18:37.712root 11241100x80000000000000006858490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894aca87d4cd5b7a2022-01-05 09:18:38.210root 11241100x80000000000000006858491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81b5a5ea675c9152022-01-05 09:18:38.210root 11241100x80000000000000006858492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2d0f798aecabc92022-01-05 09:18:38.210root 11241100x80000000000000006858493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c7f2f3e72963d52022-01-05 09:18:38.211root 11241100x80000000000000006858494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e539b1dd2f536e622022-01-05 09:18:38.211root 11241100x80000000000000006858495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bad310545de3372022-01-05 09:18:38.211root 11241100x80000000000000006858496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74df926c726a895d2022-01-05 09:18:38.211root 11241100x80000000000000006858497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79b6e591b5fbec52022-01-05 09:18:38.211root 11241100x80000000000000006858498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ecf2fd157252862022-01-05 09:18:38.211root 11241100x80000000000000006858499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85e467a9d1ad30d2022-01-05 09:18:38.211root 11241100x80000000000000006858500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9f65f69cf04d782022-01-05 09:18:38.211root 11241100x80000000000000006858501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6dc7eef195516f12022-01-05 09:18:38.212root 11241100x80000000000000006858502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea31f1616406df3d2022-01-05 09:18:38.212root 11241100x80000000000000006858503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d103841cc30267dc2022-01-05 09:18:38.212root 11241100x80000000000000006858504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e98abafe151f9d42022-01-05 09:18:38.212root 11241100x80000000000000006858505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69ec98151c9ac102022-01-05 09:18:38.212root 11241100x80000000000000006858506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4fa177b35f9fa12022-01-05 09:18:38.212root 11241100x80000000000000006858507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d40845c7d683e252022-01-05 09:18:38.212root 11241100x80000000000000006858508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac47dda4cba511362022-01-05 09:18:38.212root 11241100x80000000000000006858509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2f1f45d34edef32022-01-05 09:18:38.212root 11241100x80000000000000006858510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76a8a918a10c1822022-01-05 09:18:38.213root 11241100x80000000000000006858511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8810cf3f452aad362022-01-05 09:18:38.213root 11241100x80000000000000006858512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce19de91c2d15212022-01-05 09:18:38.213root 11241100x80000000000000006858513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01df04cfe9d8ce732022-01-05 09:18:38.213root 354300x80000000000000006858514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.230{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40656-false10.0.1.12-8000- 11241100x80000000000000006858515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487a4c1d6e3d90d02022-01-05 09:18:38.710root 11241100x80000000000000006858516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276825ac63d3032f2022-01-05 09:18:38.710root 11241100x80000000000000006858517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4d4fedc050e7f82022-01-05 09:18:38.710root 11241100x80000000000000006858518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8434f4d751c19d2022-01-05 09:18:38.710root 11241100x80000000000000006858519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4f3f579413a31f2022-01-05 09:18:38.710root 11241100x80000000000000006858520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c9844e69de6cd22022-01-05 09:18:38.710root 11241100x80000000000000006858521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aeda3786a3bcd4d2022-01-05 09:18:38.710root 11241100x80000000000000006858522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefd9976a3ef69242022-01-05 09:18:38.711root 11241100x80000000000000006858523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd27c7ced9481eb62022-01-05 09:18:38.711root 11241100x80000000000000006858524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb66efa0365089422022-01-05 09:18:38.711root 11241100x80000000000000006858525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edb902328e5c89b2022-01-05 09:18:38.711root 11241100x80000000000000006858526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c047bf696629202a2022-01-05 09:18:38.711root 11241100x80000000000000006858527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd41eeae0dc999e2022-01-05 09:18:38.711root 11241100x80000000000000006858528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89a22cb57b905532022-01-05 09:18:38.711root 11241100x80000000000000006858529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747f6a066b95cb522022-01-05 09:18:38.711root 11241100x80000000000000006858530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3200c3edb66ed2512022-01-05 09:18:38.711root 11241100x80000000000000006858531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9aa7e9e1261cdd2022-01-05 09:18:38.711root 11241100x80000000000000006858532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7b55b72276d1f72022-01-05 09:18:38.712root 11241100x80000000000000006858533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e6dd35c37253012022-01-05 09:18:38.712root 11241100x80000000000000006858534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78652c9ddbdc21f72022-01-05 09:18:38.712root 11241100x80000000000000006858535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643c8208071ace052022-01-05 09:18:38.712root 11241100x80000000000000006858536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd16e7e55d443d32022-01-05 09:18:38.712root 11241100x80000000000000006858537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbf33d23260940d2022-01-05 09:18:38.712root 11241100x80000000000000006858538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97185f1d58f727852022-01-05 09:18:38.712root 11241100x80000000000000006858539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7acd4628b01bcb2022-01-05 09:18:38.712root 11241100x80000000000000006858540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44290cd8e24214cf2022-01-05 09:18:39.210root 11241100x80000000000000006858541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac5ae78d86f14fa2022-01-05 09:18:39.210root 11241100x80000000000000006858542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0cf9d6235d67bc2022-01-05 09:18:39.210root 11241100x80000000000000006858543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae20369a637b5152022-01-05 09:18:39.210root 11241100x80000000000000006858544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96942f05ca091482022-01-05 09:18:39.210root 11241100x80000000000000006858545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c56878cdbf081b2022-01-05 09:18:39.210root 11241100x80000000000000006858546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8209a41c76d7a5732022-01-05 09:18:39.211root 11241100x80000000000000006858547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c88627a428754de2022-01-05 09:18:39.211root 11241100x80000000000000006858548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63061dbbac104e82022-01-05 09:18:39.211root 11241100x80000000000000006858549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea6eb3199d944592022-01-05 09:18:39.211root 11241100x80000000000000006858550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9272d479dad4bd942022-01-05 09:18:39.211root 11241100x80000000000000006858551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a8bbe65661a9e02022-01-05 09:18:39.211root 11241100x80000000000000006858552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80190748bfb864332022-01-05 09:18:39.211root 11241100x80000000000000006858553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd0ffd865c7909b2022-01-05 09:18:39.212root 11241100x80000000000000006858554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9af3cdbfbe56342022-01-05 09:18:39.212root 11241100x80000000000000006858555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14fabc5ba646a1b2022-01-05 09:18:39.212root 11241100x80000000000000006858556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780a3a05d3d815c92022-01-05 09:18:39.212root 11241100x80000000000000006858557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04601f2ed5072def2022-01-05 09:18:39.212root 11241100x80000000000000006858558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca1e192af03d0952022-01-05 09:18:39.212root 11241100x80000000000000006858559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a28d646483f09c52022-01-05 09:18:39.212root 11241100x80000000000000006858560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8c4276144515032022-01-05 09:18:39.212root 11241100x80000000000000006858561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d769c5887ca3e612022-01-05 09:18:39.213root 11241100x80000000000000006858562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1449b4fd97a975802022-01-05 09:18:39.213root 11241100x80000000000000006858563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d808038eb0bdf05c2022-01-05 09:18:39.213root 11241100x80000000000000006858564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60914925332b07f02022-01-05 09:18:39.213root 11241100x80000000000000006858565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5763b2516192a5452022-01-05 09:18:39.710root 11241100x80000000000000006858566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804fa8450e51f4ef2022-01-05 09:18:39.710root 11241100x80000000000000006858567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c23077ddbbd95f2022-01-05 09:18:39.710root 11241100x80000000000000006858568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386f07e39ce58c582022-01-05 09:18:39.711root 11241100x80000000000000006858569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8295c51a4acee52e2022-01-05 09:18:39.711root 11241100x80000000000000006858570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94442cf0e1b27ade2022-01-05 09:18:39.711root 11241100x80000000000000006858571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d895c6af36edee32022-01-05 09:18:39.711root 11241100x80000000000000006858572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c44dce76723eef82022-01-05 09:18:39.711root 11241100x80000000000000006858573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651e03d1652615042022-01-05 09:18:39.711root 11241100x80000000000000006858574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e719e944cdd2c6d2022-01-05 09:18:39.711root 11241100x80000000000000006858575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e929631c3cc724f22022-01-05 09:18:39.712root 11241100x80000000000000006858576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e545462aefb8a702022-01-05 09:18:39.712root 11241100x80000000000000006858577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6861dde761b52f2022-01-05 09:18:39.712root 11241100x80000000000000006858578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923c8602b2cad73b2022-01-05 09:18:39.712root 11241100x80000000000000006858579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dfc074a40549542022-01-05 09:18:39.712root 11241100x80000000000000006858580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e90f897f7a8ced2022-01-05 09:18:39.712root 11241100x80000000000000006858581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88436c74259905502022-01-05 09:18:39.712root 11241100x80000000000000006858582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d82b47daaa689e2022-01-05 09:18:39.712root 11241100x80000000000000006858583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39d0d206cdd064f2022-01-05 09:18:39.712root 11241100x80000000000000006858584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06365e2dccfdf272022-01-05 09:18:39.713root 11241100x80000000000000006858585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a146c709b767822022-01-05 09:18:39.713root 11241100x80000000000000006858586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcd61574baa34ea2022-01-05 09:18:39.713root 11241100x80000000000000006858587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ca66065f1e4bb22022-01-05 09:18:39.713root 11241100x80000000000000006858588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb0472a3ffe07bf2022-01-05 09:18:39.713root 11241100x80000000000000006858589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b346cf33d83f172022-01-05 09:18:39.713root 11241100x80000000000000006858590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b3e298726286992022-01-05 09:18:40.210root 11241100x80000000000000006858591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6dfdfda8fd6f7d82022-01-05 09:18:40.210root 11241100x80000000000000006858592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e80dac2fd9995692022-01-05 09:18:40.210root 11241100x80000000000000006858593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a6fa5bde5aed842022-01-05 09:18:40.210root 11241100x80000000000000006858594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a834d0312629d7c82022-01-05 09:18:40.210root 11241100x80000000000000006858595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e55d4a51067c0b2022-01-05 09:18:40.210root 11241100x80000000000000006858596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5298fbec8e299e2022-01-05 09:18:40.210root 11241100x80000000000000006858597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824f5b3354b7b39c2022-01-05 09:18:40.211root 11241100x80000000000000006858598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232f3d0919bf06a62022-01-05 09:18:40.211root 11241100x80000000000000006858599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7981e2a22698612022-01-05 09:18:40.211root 11241100x80000000000000006858600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0641ff94f8e694ce2022-01-05 09:18:40.211root 11241100x80000000000000006858601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fd9101e2ac67392022-01-05 09:18:40.211root 11241100x80000000000000006858602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d20b3f50a10bcb2022-01-05 09:18:40.211root 11241100x80000000000000006858603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f68c5fe009a42e32022-01-05 09:18:40.211root 11241100x80000000000000006858604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cc97152c4e03482022-01-05 09:18:40.211root 11241100x80000000000000006858605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd2c130490919d62022-01-05 09:18:40.211root 11241100x80000000000000006858606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3249aa5fb2a3adb52022-01-05 09:18:40.211root 11241100x80000000000000006858607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c488efa661f4ee232022-01-05 09:18:40.211root 11241100x80000000000000006858608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f60bfee23581e832022-01-05 09:18:40.211root 11241100x80000000000000006858609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29173987321ca672022-01-05 09:18:40.211root 11241100x80000000000000006858610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b66bc0f48a3bc62022-01-05 09:18:40.211root 11241100x80000000000000006858611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070377786d193e492022-01-05 09:18:40.212root 11241100x80000000000000006858612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c01864041dde152022-01-05 09:18:40.212root 11241100x80000000000000006858613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0567eba1419739f52022-01-05 09:18:40.212root 11241100x80000000000000006858614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd07e3fd24f7eae2022-01-05 09:18:40.212root 11241100x80000000000000006858615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea4af0ef23b54782022-01-05 09:18:40.710root 11241100x80000000000000006858616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e343d3ea2483ed2022-01-05 09:18:40.710root 11241100x80000000000000006858617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b219bf0b2c2d6cb52022-01-05 09:18:40.710root 11241100x80000000000000006858618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8563f4dab85a48a72022-01-05 09:18:40.710root 11241100x80000000000000006858619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd40ac1c380a7b112022-01-05 09:18:40.710root 11241100x80000000000000006858620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc1b2123a8862e02022-01-05 09:18:40.710root 11241100x80000000000000006858621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa4de846e12dea72022-01-05 09:18:40.711root 11241100x80000000000000006858622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8a0a95ccf8ed092022-01-05 09:18:40.711root 11241100x80000000000000006858623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94df8f530d9a30372022-01-05 09:18:40.711root 11241100x80000000000000006858624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e22e7996c712b92022-01-05 09:18:40.711root 11241100x80000000000000006858625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc6177384d5d3fa2022-01-05 09:18:40.711root 11241100x80000000000000006858626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f69516a9f003e832022-01-05 09:18:40.711root 11241100x80000000000000006858627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bceef2baec2cf62022-01-05 09:18:40.711root 11241100x80000000000000006858628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3896ada20615d9f72022-01-05 09:18:40.711root 11241100x80000000000000006858629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224658707bada19a2022-01-05 09:18:40.711root 11241100x80000000000000006858630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb54bb4760f79592022-01-05 09:18:40.711root 11241100x80000000000000006858631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0627b4102e569d8d2022-01-05 09:18:40.711root 11241100x80000000000000006858632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731ffc6355e2e0fd2022-01-05 09:18:40.711root 11241100x80000000000000006858633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b37b74b7a7643da2022-01-05 09:18:40.711root 11241100x80000000000000006858634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9774b6993ccbf1052022-01-05 09:18:40.712root 11241100x80000000000000006858635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ecf95d59f202e332022-01-05 09:18:40.712root 11241100x80000000000000006858636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e46c5cff81e5b262022-01-05 09:18:40.712root 11241100x80000000000000006858637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9d7ba33620528e2022-01-05 09:18:40.712root 11241100x80000000000000006858638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf5330d24e06d7f2022-01-05 09:18:40.712root 11241100x80000000000000006858639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbdbff90816c9652022-01-05 09:18:40.712root 11241100x80000000000000006858640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628d56b7a98c14e72022-01-05 09:18:41.210root 11241100x80000000000000006858641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7bf035eb52d4452022-01-05 09:18:41.210root 11241100x80000000000000006858642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2147ba773b6928a2022-01-05 09:18:41.210root 11241100x80000000000000006858643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf4a9e6d59c6d8f2022-01-05 09:18:41.210root 11241100x80000000000000006858644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75425c7afc5853d2022-01-05 09:18:41.210root 11241100x80000000000000006858645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926a405663fe5fb92022-01-05 09:18:41.210root 11241100x80000000000000006858646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8e402aaf79ea3a2022-01-05 09:18:41.210root 11241100x80000000000000006858647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3abaf0a0b8f6bc2022-01-05 09:18:41.210root 11241100x80000000000000006858648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e1f5a0afd3807a2022-01-05 09:18:41.210root 11241100x80000000000000006858649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860277038b16db7b2022-01-05 09:18:41.211root 11241100x80000000000000006858650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffce78f739c92fe2022-01-05 09:18:41.211root 11241100x80000000000000006858651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12194826772fca612022-01-05 09:18:41.211root 11241100x80000000000000006858652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8beeca91faafaa622022-01-05 09:18:41.211root 11241100x80000000000000006858653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f04b446b890e762022-01-05 09:18:41.211root 11241100x80000000000000006858654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe3b4ffb199f6c12022-01-05 09:18:41.211root 11241100x80000000000000006858655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34272d25377c5f252022-01-05 09:18:41.211root 11241100x80000000000000006858656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07772e6041bd43ff2022-01-05 09:18:41.211root 11241100x80000000000000006858657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a95800fd4118f62022-01-05 09:18:41.211root 11241100x80000000000000006858658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade46a325675bf222022-01-05 09:18:41.211root 11241100x80000000000000006858659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac3ef13da5358c02022-01-05 09:18:41.212root 11241100x80000000000000006858660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a491f84b4fd007c2022-01-05 09:18:41.212root 11241100x80000000000000006858661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cbc0a95d5c50b02022-01-05 09:18:41.212root 11241100x80000000000000006858662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bb93509421edd72022-01-05 09:18:41.212root 11241100x80000000000000006858663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90e2193689d02402022-01-05 09:18:41.212root 11241100x80000000000000006858664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ba0fa6fd59a3cc2022-01-05 09:18:41.212root 11241100x80000000000000006858665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf64be8c0fd2fee2022-01-05 09:18:41.710root 11241100x80000000000000006858666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8142f78b0a52292022-01-05 09:18:41.710root 11241100x80000000000000006858667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bae92febb492da42022-01-05 09:18:41.710root 11241100x80000000000000006858668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7585f5885d75c12022-01-05 09:18:41.710root 11241100x80000000000000006858669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8c40af8bcc3a482022-01-05 09:18:41.710root 11241100x80000000000000006858670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc58a5cf7acd6d7e2022-01-05 09:18:41.710root 11241100x80000000000000006858671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ced9749323952f2022-01-05 09:18:41.710root 11241100x80000000000000006858672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599bdd30c370f7772022-01-05 09:18:41.710root 11241100x80000000000000006858673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0931d097da82ce2022-01-05 09:18:41.710root 11241100x80000000000000006858674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315dc46bed2595532022-01-05 09:18:41.711root 11241100x80000000000000006858675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd17e77c99e594d32022-01-05 09:18:41.711root 11241100x80000000000000006858676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca27f7a47d4b38052022-01-05 09:18:41.711root 11241100x80000000000000006858677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6295aeaed4be64322022-01-05 09:18:41.711root 11241100x80000000000000006858678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62255a1b5bbe6b032022-01-05 09:18:41.711root 11241100x80000000000000006858679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4a18caccf671de2022-01-05 09:18:41.711root 11241100x80000000000000006858680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126fac73898234442022-01-05 09:18:41.711root 11241100x80000000000000006858681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ffcd11bcfdf8502022-01-05 09:18:41.711root 11241100x80000000000000006858682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c189e91db77d98e2022-01-05 09:18:41.711root 11241100x80000000000000006858683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0290ea731be942f2022-01-05 09:18:41.711root 11241100x80000000000000006858684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7924becfc90fe45e2022-01-05 09:18:41.711root 11241100x80000000000000006858685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2c715e9b36cf0a2022-01-05 09:18:41.712root 11241100x80000000000000006858686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293cd89a69c102be2022-01-05 09:18:41.712root 11241100x80000000000000006858687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27015d37e4fd1da2022-01-05 09:18:41.712root 11241100x80000000000000006858688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03833be741f82c402022-01-05 09:18:41.712root 11241100x80000000000000006858689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce5d4e5a21b7d0f2022-01-05 09:18:41.712root 11241100x80000000000000006858690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a26f9946f1278d2022-01-05 09:18:42.210root 11241100x80000000000000006858691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170033266b1b6cab2022-01-05 09:18:42.210root 11241100x80000000000000006858692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b6f2ef21a4a3962022-01-05 09:18:42.210root 11241100x80000000000000006858693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2660fe5cfba054d2022-01-05 09:18:42.210root 11241100x80000000000000006858694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5065a74e4f41b6122022-01-05 09:18:42.210root 11241100x80000000000000006858695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d87db835c165002022-01-05 09:18:42.210root 11241100x80000000000000006858696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15266d1f4a12b122022-01-05 09:18:42.210root 11241100x80000000000000006858697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85222321e354e5b22022-01-05 09:18:42.210root 11241100x80000000000000006858698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521d9e3582e60e362022-01-05 09:18:42.211root 11241100x80000000000000006858699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d397290504d18f2f2022-01-05 09:18:42.211root 11241100x80000000000000006858700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c116594b9295d522022-01-05 09:18:42.211root 11241100x80000000000000006858701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4967845eb0c3a342022-01-05 09:18:42.211root 11241100x80000000000000006858702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269498533d43a4282022-01-05 09:18:42.211root 11241100x80000000000000006858703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843c941ba7db86142022-01-05 09:18:42.211root 11241100x80000000000000006858704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34225ed1ab48c4172022-01-05 09:18:42.211root 11241100x80000000000000006858705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c07e1fbfe1fb2192022-01-05 09:18:42.211root 11241100x80000000000000006858706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ed0fbbc9c68e7c2022-01-05 09:18:42.211root 11241100x80000000000000006858707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c5319ecd9abcc12022-01-05 09:18:42.211root 11241100x80000000000000006858708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4895eb978706f1602022-01-05 09:18:42.212root 11241100x80000000000000006858709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10b1ed008924b622022-01-05 09:18:42.212root 11241100x80000000000000006858710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232be98f2d09ff1b2022-01-05 09:18:42.212root 11241100x80000000000000006858711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a802263a4099b0062022-01-05 09:18:42.212root 11241100x80000000000000006858712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8642d15c9e953f2022-01-05 09:18:42.212root 11241100x80000000000000006858713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456898ac638c2eff2022-01-05 09:18:42.212root 11241100x80000000000000006858714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5c39993418e8362022-01-05 09:18:42.212root 11241100x80000000000000006858715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73517eb3ff124d282022-01-05 09:18:42.710root 11241100x80000000000000006858716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d68195d631bc9df2022-01-05 09:18:42.710root 11241100x80000000000000006858717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d29c62104cfde12022-01-05 09:18:42.710root 11241100x80000000000000006858718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26abbf4a01a3ff112022-01-05 09:18:42.710root 11241100x80000000000000006858719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da326422e5790b42022-01-05 09:18:42.710root 11241100x80000000000000006858720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c1b285b9dde4812022-01-05 09:18:42.710root 11241100x80000000000000006858721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6b8713780f2b452022-01-05 09:18:42.710root 11241100x80000000000000006858722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ea7502609790b02022-01-05 09:18:42.710root 11241100x80000000000000006858723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18e66e26bcea9912022-01-05 09:18:42.710root 11241100x80000000000000006858724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4731bb5dfa6e5be02022-01-05 09:18:42.710root 11241100x80000000000000006858725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd653871cd1abb002022-01-05 09:18:42.711root 11241100x80000000000000006858726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b704b0c29defe002022-01-05 09:18:42.711root 11241100x80000000000000006858727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2593b58ed4fe3c2022-01-05 09:18:42.711root 11241100x80000000000000006858728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5791c5793c53442022-01-05 09:18:42.711root 11241100x80000000000000006858729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b03340a368c403c2022-01-05 09:18:42.711root 11241100x80000000000000006858730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e0799810f53c1e2022-01-05 09:18:42.711root 11241100x80000000000000006858731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07855c18ec32508f2022-01-05 09:18:42.711root 11241100x80000000000000006858732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e6d7d1b420ff892022-01-05 09:18:42.711root 11241100x80000000000000006858733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3dd44848b324292022-01-05 09:18:42.711root 11241100x80000000000000006858734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba396b528c6065ea2022-01-05 09:18:42.711root 11241100x80000000000000006858735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0b3a19852aaf112022-01-05 09:18:42.711root 11241100x80000000000000006858736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668035f8244f450e2022-01-05 09:18:42.711root 11241100x80000000000000006858737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e437421fb832a52022-01-05 09:18:42.711root 11241100x80000000000000006858738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1605bc8b462f13262022-01-05 09:18:42.711root 11241100x80000000000000006858739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de40ffded6fd1acb2022-01-05 09:18:42.711root 11241100x80000000000000006858740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dac93b59df324062022-01-05 09:18:43.210root 11241100x80000000000000006858741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc524c729fe2cab2022-01-05 09:18:43.210root 11241100x80000000000000006858742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52106944f3528ec32022-01-05 09:18:43.210root 11241100x80000000000000006858743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238d0844291724b92022-01-05 09:18:43.210root 11241100x80000000000000006858744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c173df7323d4c6432022-01-05 09:18:43.210root 11241100x80000000000000006858745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e207ac231e5b43392022-01-05 09:18:43.210root 11241100x80000000000000006858746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524a5681ca421e252022-01-05 09:18:43.210root 11241100x80000000000000006858747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f272377d67f6b62022-01-05 09:18:43.210root 11241100x80000000000000006858748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c21a6abfd346012022-01-05 09:18:43.211root 11241100x80000000000000006858749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f6c73a0d979ef62022-01-05 09:18:43.211root 11241100x80000000000000006858750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b54b653ca6ffb372022-01-05 09:18:43.211root 11241100x80000000000000006858751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49077698d6bc8b192022-01-05 09:18:43.211root 11241100x80000000000000006858752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b8131d974834a12022-01-05 09:18:43.211root 11241100x80000000000000006858753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac513dd0e0afd022022-01-05 09:18:43.211root 11241100x80000000000000006858754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf35c45a82aead852022-01-05 09:18:43.211root 11241100x80000000000000006858755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640d054ca13846482022-01-05 09:18:43.211root 11241100x80000000000000006858756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdb102af3cfbe9c2022-01-05 09:18:43.212root 11241100x80000000000000006858757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c132a45fe3e8e04c2022-01-05 09:18:43.212root 11241100x80000000000000006858758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2982640c1f5676de2022-01-05 09:18:43.212root 11241100x80000000000000006858759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9579e2e0b5fda52022-01-05 09:18:43.212root 11241100x80000000000000006858760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01658f44ac5f98aa2022-01-05 09:18:43.212root 11241100x80000000000000006858761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b348f7fe0e42e8532022-01-05 09:18:43.212root 11241100x80000000000000006858762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa9fba8ea7d62042022-01-05 09:18:43.212root 11241100x80000000000000006858763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94547235649f42992022-01-05 09:18:43.212root 11241100x80000000000000006858764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41652f28739a0d492022-01-05 09:18:43.212root 11241100x80000000000000006858765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b41f1c654409112022-01-05 09:18:43.710root 11241100x80000000000000006858766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46494dd9c02d1412022-01-05 09:18:43.710root 11241100x80000000000000006858767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f92097f17b8e5212022-01-05 09:18:43.710root 11241100x80000000000000006858768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d68618dd71b95832022-01-05 09:18:43.710root 11241100x80000000000000006858769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b24843780026562022-01-05 09:18:43.710root 11241100x80000000000000006858770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f842790a713374f62022-01-05 09:18:43.710root 11241100x80000000000000006858771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dadd817e1f5d3532022-01-05 09:18:43.711root 11241100x80000000000000006858772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca2e97d499065172022-01-05 09:18:43.711root 11241100x80000000000000006858773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb72d1557a98e92f2022-01-05 09:18:43.711root 11241100x80000000000000006858774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d407121685c346d2022-01-05 09:18:43.711root 11241100x80000000000000006858775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb10e5d841e596e2022-01-05 09:18:43.711root 11241100x80000000000000006858776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825688b8b8fdf4dd2022-01-05 09:18:43.711root 11241100x80000000000000006858777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc7e575bea5f8282022-01-05 09:18:43.711root 11241100x80000000000000006858778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08f724113b031b12022-01-05 09:18:43.711root 11241100x80000000000000006858779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fee40e3e2c60002022-01-05 09:18:43.711root 11241100x80000000000000006858780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ab3f2d5b2c0d852022-01-05 09:18:43.712root 11241100x80000000000000006858781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babd4ed38dc2df522022-01-05 09:18:43.712root 11241100x80000000000000006858782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c238762bc564a6972022-01-05 09:18:43.712root 11241100x80000000000000006858783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618242ea1d7d46f42022-01-05 09:18:43.712root 11241100x80000000000000006858784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683c4c2c636619282022-01-05 09:18:43.712root 11241100x80000000000000006858785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a199e2a1bac7f702022-01-05 09:18:43.712root 11241100x80000000000000006858786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d790006bbf76e2992022-01-05 09:18:43.712root 11241100x80000000000000006858787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71bfbd3b937bd182022-01-05 09:18:43.712root 11241100x80000000000000006858788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e5845a3edcca3e2022-01-05 09:18:43.712root 11241100x80000000000000006858789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d2cfab1b4e2efa2022-01-05 09:18:43.713root 354300x80000000000000006858790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.207{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40658-false10.0.1.12-8000- 11241100x80000000000000006858791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.207{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74b26ecf3cc906d2022-01-05 09:18:44.207root 11241100x80000000000000006858792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.207{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f04da6379b240a72022-01-05 09:18:44.207root 11241100x80000000000000006858793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.208{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e0cd0d9466bc4b2022-01-05 09:18:44.208root 11241100x80000000000000006858794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.208{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d6044d8eab91dc2022-01-05 09:18:44.208root 11241100x80000000000000006858795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.208{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e1beb3e621aa0f2022-01-05 09:18:44.208root 11241100x80000000000000006858796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.208{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129588b3abdb9b2f2022-01-05 09:18:44.208root 11241100x80000000000000006858797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.208{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68eef332bf0f2e8d2022-01-05 09:18:44.208root 11241100x80000000000000006858798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.208{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de10b51575601532022-01-05 09:18:44.208root 11241100x80000000000000006858799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.208{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c805a4cf3678e7082022-01-05 09:18:44.208root 11241100x80000000000000006858800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.208{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c678a0ce01d446362022-01-05 09:18:44.208root 11241100x80000000000000006858801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609218f8c9a89f002022-01-05 09:18:44.209root 11241100x80000000000000006858802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f08d8f86bf71e52022-01-05 09:18:44.209root 11241100x80000000000000006858803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ba045c852a67492022-01-05 09:18:44.209root 11241100x80000000000000006858804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c505752e72d50bfb2022-01-05 09:18:44.209root 11241100x80000000000000006858805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07218bb444bca1582022-01-05 09:18:44.209root 11241100x80000000000000006858806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efae8d7c9eea4bc62022-01-05 09:18:44.209root 11241100x80000000000000006858807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c3f4b9e055245a2022-01-05 09:18:44.209root 11241100x80000000000000006858808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478fc039dcbb3eab2022-01-05 09:18:44.209root 11241100x80000000000000006858809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b64ee87027197e2022-01-05 09:18:44.209root 11241100x80000000000000006858810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39ab5f3caa117492022-01-05 09:18:44.209root 11241100x80000000000000006858811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5a1af5bcffa9cc2022-01-05 09:18:44.209root 11241100x80000000000000006858812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b6ae4e5693be212022-01-05 09:18:44.209root 11241100x80000000000000006858813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c753fb7d907a6522022-01-05 09:18:44.210root 11241100x80000000000000006858814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577d80923f39b6412022-01-05 09:18:44.210root 11241100x80000000000000006858815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e525b5d98d90c2642022-01-05 09:18:44.210root 11241100x80000000000000006858816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e553967525e9ebdd2022-01-05 09:18:44.210root 11241100x80000000000000006858817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca832ceb4733b2a2022-01-05 09:18:44.210root 11241100x80000000000000006858818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1741223bf25adecd2022-01-05 09:18:44.210root 11241100x80000000000000006858819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728161d3541284262022-01-05 09:18:44.210root 11241100x80000000000000006858820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e398ab3098e70452022-01-05 09:18:44.210root 11241100x80000000000000006858821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1240d9c42379c92022-01-05 09:18:44.210root 11241100x80000000000000006858822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ea3492fea8feb22022-01-05 09:18:44.210root 11241100x80000000000000006858823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d33c70fef07df542022-01-05 09:18:44.210root 11241100x80000000000000006858824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d91a609695a6e02022-01-05 09:18:44.210root 11241100x80000000000000006858825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727640e82663ad4c2022-01-05 09:18:44.211root 11241100x80000000000000006858826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97431528c20380f2022-01-05 09:18:44.211root 11241100x80000000000000006858827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229ba0bc29e0685d2022-01-05 09:18:44.211root 11241100x80000000000000006858828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381fe61b212b05242022-01-05 09:18:44.460root 11241100x80000000000000006858829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8099cafc9d2a902022-01-05 09:18:44.460root 11241100x80000000000000006858830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6582c06fe375c52022-01-05 09:18:44.460root 11241100x80000000000000006858831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c56b1cb6e431b42022-01-05 09:18:44.460root 11241100x80000000000000006858832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f15dd2a969423982022-01-05 09:18:44.460root 11241100x80000000000000006858833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167c8073dabfd6fc2022-01-05 09:18:44.460root 11241100x80000000000000006858834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b474f1d809a9ea9f2022-01-05 09:18:44.460root 11241100x80000000000000006858835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b54184da9b2c7f2022-01-05 09:18:44.461root 11241100x80000000000000006858836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9e20d59715c8882022-01-05 09:18:44.461root 11241100x80000000000000006858837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc8eacb0c4af0a62022-01-05 09:18:44.461root 11241100x80000000000000006858838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa0c203c9eb50912022-01-05 09:18:44.461root 11241100x80000000000000006858839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9a2f716c079d9d2022-01-05 09:18:44.461root 11241100x80000000000000006858840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9622c0489fdbda052022-01-05 09:18:44.461root 11241100x80000000000000006858841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60fb0481ac8a0282022-01-05 09:18:44.461root 11241100x80000000000000006858842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34482ba62fc6f802022-01-05 09:18:44.461root 11241100x80000000000000006858843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327d8d02559f74c02022-01-05 09:18:44.461root 11241100x80000000000000006858844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6f6436614cbc872022-01-05 09:18:44.461root 11241100x80000000000000006858845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11283c558487612f2022-01-05 09:18:44.461root 11241100x80000000000000006858846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43c9e15ea1875e82022-01-05 09:18:44.461root 11241100x80000000000000006858847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30f5a4c6ff681722022-01-05 09:18:44.462root 11241100x80000000000000006858848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e716cd331f609e42022-01-05 09:18:44.462root 11241100x80000000000000006858849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ad479b4209c5542022-01-05 09:18:44.462root 11241100x80000000000000006858850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885da5b20cba50112022-01-05 09:18:44.462root 11241100x80000000000000006858851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10fa7fe8c8cace92022-01-05 09:18:44.462root 11241100x80000000000000006858852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ca3ad13a4917572022-01-05 09:18:44.462root 11241100x80000000000000006858853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d0eb751e1fa6d72022-01-05 09:18:44.462root 11241100x80000000000000006858854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eed4f4a8d3ed0b12022-01-05 09:18:44.960root 11241100x80000000000000006858855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8576cceb7b9f4e2022-01-05 09:18:44.960root 11241100x80000000000000006858856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb06f4568f29f802022-01-05 09:18:44.960root 11241100x80000000000000006858857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628fd6a8d293a9ac2022-01-05 09:18:44.960root 11241100x80000000000000006858858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b260528363e0c1a72022-01-05 09:18:44.960root 11241100x80000000000000006858859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a96d14a0f460c642022-01-05 09:18:44.960root 11241100x80000000000000006858860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7358ccda6511dad2022-01-05 09:18:44.960root 11241100x80000000000000006858861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45153ffb2780da82022-01-05 09:18:44.960root 11241100x80000000000000006858862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bfdc3a6b09e39f2022-01-05 09:18:44.961root 11241100x80000000000000006858863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379978dc03f2a13d2022-01-05 09:18:44.961root 11241100x80000000000000006858864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e2a85b07454b2b2022-01-05 09:18:44.961root 11241100x80000000000000006858865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0896c251535a54352022-01-05 09:18:44.961root 11241100x80000000000000006858866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8af6e38a8d248452022-01-05 09:18:44.961root 11241100x80000000000000006858867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8ec0590246a8552022-01-05 09:18:44.961root 11241100x80000000000000006858868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f161ded750421da42022-01-05 09:18:44.961root 11241100x80000000000000006858869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a59532125e0b4802022-01-05 09:18:44.961root 11241100x80000000000000006858870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef81de00bbb029c2022-01-05 09:18:44.961root 11241100x80000000000000006858871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb8600cf714a31b2022-01-05 09:18:44.961root 11241100x80000000000000006858872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcb5a11c2a907412022-01-05 09:18:44.961root 11241100x80000000000000006858873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54995aca67083262022-01-05 09:18:44.961root 11241100x80000000000000006858874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62595061630353682022-01-05 09:18:44.961root 11241100x80000000000000006858875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af685c7cb300f102022-01-05 09:18:44.961root 11241100x80000000000000006858876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7b5f305e8d0dc72022-01-05 09:18:44.962root 11241100x80000000000000006858877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4bb3d7916d59e72022-01-05 09:18:44.962root 11241100x80000000000000006858878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab310f98aaef3642022-01-05 09:18:44.962root 11241100x80000000000000006858879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c735f54a41f24d2022-01-05 09:18:44.962root 11241100x80000000000000006858880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45691315ef5a07ab2022-01-05 09:18:45.460root 11241100x80000000000000006858881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e92bed5ea111b02022-01-05 09:18:45.460root 11241100x80000000000000006858882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58e56abb27381072022-01-05 09:18:45.460root 11241100x80000000000000006858883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfca660a9bc34362022-01-05 09:18:45.460root 11241100x80000000000000006858884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5254d39c27dba10c2022-01-05 09:18:45.460root 11241100x80000000000000006858885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6593c90070c27f652022-01-05 09:18:45.460root 11241100x80000000000000006858886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f218caef92499ed22022-01-05 09:18:45.460root 11241100x80000000000000006858887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7b47cec2da41d92022-01-05 09:18:45.460root 11241100x80000000000000006858888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefb627b0358546e2022-01-05 09:18:45.461root 11241100x80000000000000006858889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff06e7c60a6cc73c2022-01-05 09:18:45.461root 11241100x80000000000000006858890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0379a577493af3682022-01-05 09:18:45.461root 11241100x80000000000000006858891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c997e50f4923e92022-01-05 09:18:45.461root 11241100x80000000000000006858892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8adcb0318f3e45a2022-01-05 09:18:45.461root 11241100x80000000000000006858893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b128d2667177b5932022-01-05 09:18:45.461root 11241100x80000000000000006858894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76afc57a16969bfe2022-01-05 09:18:45.461root 11241100x80000000000000006858895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b20b3c7663c54852022-01-05 09:18:45.461root 11241100x80000000000000006858896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946daf47067462132022-01-05 09:18:45.461root 11241100x80000000000000006858897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9feae40d1c4c8da22022-01-05 09:18:45.461root 11241100x80000000000000006858898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7abe98c0f99b332022-01-05 09:18:45.461root 11241100x80000000000000006858899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196b2e6c48a53de92022-01-05 09:18:45.461root 11241100x80000000000000006858900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7001aab4ff2139e2022-01-05 09:18:45.461root 11241100x80000000000000006858901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafbbed290448d642022-01-05 09:18:45.461root 11241100x80000000000000006858902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2807bdf310ed1fe2022-01-05 09:18:45.462root 11241100x80000000000000006858903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6933b7a93c9c01252022-01-05 09:18:45.462root 11241100x80000000000000006858904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f77b0fc07519e622022-01-05 09:18:45.462root 11241100x80000000000000006858905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fc4eea781b8a312022-01-05 09:18:45.462root 11241100x80000000000000006858906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3fb58b0ca8816c2022-01-05 09:18:45.960root 11241100x80000000000000006858907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654d6304db4ff3062022-01-05 09:18:45.960root 11241100x80000000000000006858908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c042be11714a9832022-01-05 09:18:45.960root 11241100x80000000000000006858909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c737c60073d7b8d2022-01-05 09:18:45.960root 11241100x80000000000000006858910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1204c99d809ca22022-01-05 09:18:45.960root 11241100x80000000000000006858911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc9782a291dbb572022-01-05 09:18:45.960root 11241100x80000000000000006858912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02aff7f3dbcc7022022-01-05 09:18:45.960root 11241100x80000000000000006858913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6ce48c9b6f5f0b2022-01-05 09:18:45.961root 11241100x80000000000000006858914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32da928cedd53b942022-01-05 09:18:45.961root 11241100x80000000000000006858915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fc4b7768a136d12022-01-05 09:18:45.961root 11241100x80000000000000006858916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaec63dc835389762022-01-05 09:18:45.961root 11241100x80000000000000006858917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2593509dcf2212d82022-01-05 09:18:45.961root 11241100x80000000000000006858918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b5f67b8de027432022-01-05 09:18:45.961root 11241100x80000000000000006858919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0250d6974c2ef1ef2022-01-05 09:18:45.961root 11241100x80000000000000006858920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf734532b9eb48812022-01-05 09:18:45.961root 11241100x80000000000000006858921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1db61ebb0f19f42022-01-05 09:18:45.961root 11241100x80000000000000006858922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33cb89142bab7a72022-01-05 09:18:45.961root 11241100x80000000000000006858923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9919dcdd3ed2601b2022-01-05 09:18:45.961root 11241100x80000000000000006858924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524bdcb41973efb22022-01-05 09:18:45.961root 11241100x80000000000000006858925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db24bf6fabac98b2022-01-05 09:18:45.962root 11241100x80000000000000006858926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa6beda5f8cf2b72022-01-05 09:18:45.962root 11241100x80000000000000006858927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db9a319d90e79452022-01-05 09:18:45.962root 11241100x80000000000000006858928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdc2acd25d5ee222022-01-05 09:18:45.962root 11241100x80000000000000006858929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71e63cd097b14a42022-01-05 09:18:45.963root 11241100x80000000000000006858930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a27d5227d77a82a2022-01-05 09:18:45.963root 11241100x80000000000000006858931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08905955f8e87d462022-01-05 09:18:45.964root 11241100x80000000000000006858932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f3360466e4d9c32022-01-05 09:18:46.460root 11241100x80000000000000006858933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5980efdb5a57942022-01-05 09:18:46.460root 11241100x80000000000000006858934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b542fba0e762572022-01-05 09:18:46.460root 11241100x80000000000000006858935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fda8a8048627392022-01-05 09:18:46.460root 11241100x80000000000000006858936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7034d96533c127222022-01-05 09:18:46.461root 11241100x80000000000000006858937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20857c4cac16630b2022-01-05 09:18:46.461root 11241100x80000000000000006858938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e5c24ba25bf0042022-01-05 09:18:46.461root 11241100x80000000000000006858939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08181e3aa0289ee2022-01-05 09:18:46.461root 11241100x80000000000000006858940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9246333b9b7c6d2022-01-05 09:18:46.461root 11241100x80000000000000006858941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8026f8b7c204783a2022-01-05 09:18:46.461root 11241100x80000000000000006858942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de43716610f8d1912022-01-05 09:18:46.461root 11241100x80000000000000006858943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c41cc086006915e2022-01-05 09:18:46.461root 11241100x80000000000000006858944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2473cf671c6d65e92022-01-05 09:18:46.461root 11241100x80000000000000006858945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dbde6a65558ab02022-01-05 09:18:46.461root 11241100x80000000000000006858946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c9e7fdc0ff4d6d2022-01-05 09:18:46.462root 11241100x80000000000000006858947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecf5326588e4f9e2022-01-05 09:18:46.462root 11241100x80000000000000006858948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937a0ad1d24e477e2022-01-05 09:18:46.462root 11241100x80000000000000006858949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b99ca580be74ab62022-01-05 09:18:46.462root 11241100x80000000000000006858950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a063a996e644d8822022-01-05 09:18:46.462root 11241100x80000000000000006858951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5873b6782d8852b02022-01-05 09:18:46.462root 11241100x80000000000000006858952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e6b342602fda272022-01-05 09:18:46.462root 11241100x80000000000000006858953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341fa46e8ee9311a2022-01-05 09:18:46.462root 11241100x80000000000000006858954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df604736eaa10e92022-01-05 09:18:46.462root 11241100x80000000000000006858955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b941e9ad545c8c1a2022-01-05 09:18:46.462root 11241100x80000000000000006858956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69e15bde277769c2022-01-05 09:18:46.463root 11241100x80000000000000006858957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1858ee054ac7f92022-01-05 09:18:46.463root 11241100x80000000000000006858958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06ca940566996242022-01-05 09:18:46.960root 11241100x80000000000000006858959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca76117e897148a02022-01-05 09:18:46.960root 11241100x80000000000000006858960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f6d9ee24d83fe72022-01-05 09:18:46.960root 11241100x80000000000000006858961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d35f09a71abd5f52022-01-05 09:18:46.960root 11241100x80000000000000006858962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8758d3f6ecafe9da2022-01-05 09:18:46.960root 11241100x80000000000000006858963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ef89dc594f6ab92022-01-05 09:18:46.960root 11241100x80000000000000006858964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9430f3f4ab06c82022-01-05 09:18:46.961root 11241100x80000000000000006858965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219ee05209f1f25a2022-01-05 09:18:46.961root 11241100x80000000000000006858966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a9fb9ffed268352022-01-05 09:18:46.961root 11241100x80000000000000006858967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20cbb34bcc4a3862022-01-05 09:18:46.961root 11241100x80000000000000006858968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19bd303af2fd2df2022-01-05 09:18:46.961root 11241100x80000000000000006858969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae51bf2cd3805042022-01-05 09:18:46.961root 11241100x80000000000000006858970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ad3a98c63ce6652022-01-05 09:18:46.961root 11241100x80000000000000006858971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17ab01454bdc4ba2022-01-05 09:18:46.961root 11241100x80000000000000006858972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494bf2230d8bd8d72022-01-05 09:18:46.961root 11241100x80000000000000006858973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc026362860e6492022-01-05 09:18:46.961root 11241100x80000000000000006858974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afc2b7b83d2a2b52022-01-05 09:18:46.961root 11241100x80000000000000006858975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1800fc2bc36fec32022-01-05 09:18:46.962root 11241100x80000000000000006858976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bc8b329256c8972022-01-05 09:18:46.962root 11241100x80000000000000006858977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5889d7b5a0aff9c2022-01-05 09:18:46.962root 11241100x80000000000000006858978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9091423419b0a2fb2022-01-05 09:18:46.962root 11241100x80000000000000006858979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599e6ab3000ebef52022-01-05 09:18:46.962root 11241100x80000000000000006858980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236017cacc49621f2022-01-05 09:18:46.962root 11241100x80000000000000006858981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0544f32d5599b63c2022-01-05 09:18:46.962root 11241100x80000000000000006858982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfda0d6d024351e2022-01-05 09:18:46.962root 11241100x80000000000000006858983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7530bd0b7680f1372022-01-05 09:18:46.964root 11241100x80000000000000006858984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdac5d82d5d0d492022-01-05 09:18:46.964root 11241100x80000000000000006858985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9721557b4382042022-01-05 09:18:46.964root 11241100x80000000000000006858986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496fbe0520c679aa2022-01-05 09:18:46.964root 11241100x80000000000000006858987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5662e6ae7383cbf2022-01-05 09:18:46.964root 11241100x80000000000000006858988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6ca4b8c39f9e0d2022-01-05 09:18:46.964root 11241100x80000000000000006858989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafef8220662c5a02022-01-05 09:18:46.964root 11241100x80000000000000006858990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee15e9cfd10388ea2022-01-05 09:18:46.964root 11241100x80000000000000006858991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c654dd90b1d1cbe22022-01-05 09:18:46.964root 11241100x80000000000000006858992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38eb5b23bc8caaa42022-01-05 09:18:46.965root 11241100x80000000000000006858993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8bcd49c54581542022-01-05 09:18:46.965root 11241100x80000000000000006858994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229c858fc252dbc02022-01-05 09:18:46.965root 11241100x80000000000000006858995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76ac48ac164fc4a2022-01-05 09:18:46.965root 11241100x80000000000000006858996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30440f15af59d4ce2022-01-05 09:18:46.965root 11241100x80000000000000006858997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327c2ad5566396a22022-01-05 09:18:46.965root 11241100x80000000000000006858998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851ceed3488407d32022-01-05 09:18:46.965root 11241100x80000000000000006858999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee8e65510b74e2e2022-01-05 09:18:46.965root 11241100x80000000000000006859000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1f292f6f9bb0d22022-01-05 09:18:46.966root 11241100x80000000000000006859001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828effb4d0b8b6d72022-01-05 09:18:46.966root 11241100x80000000000000006859002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d71fc3d1aca890c2022-01-05 09:18:46.966root 11241100x80000000000000006859003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007cf4212168b8d22022-01-05 09:18:46.966root 11241100x80000000000000006859004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:46.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85fb684f98317ed2022-01-05 09:18:46.966root 11241100x80000000000000006859005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753521bc4328e5242022-01-05 09:18:47.460root 11241100x80000000000000006859006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c67b3af9032b3e2022-01-05 09:18:47.460root 11241100x80000000000000006859007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488d571825051aae2022-01-05 09:18:47.460root 11241100x80000000000000006859008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764b6330bfda78cd2022-01-05 09:18:47.460root 11241100x80000000000000006859009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0007375ac1ed28252022-01-05 09:18:47.460root 11241100x80000000000000006859010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20833b282809d03d2022-01-05 09:18:47.460root 11241100x80000000000000006859011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7548dc6c4c536e1b2022-01-05 09:18:47.461root 11241100x80000000000000006859012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290503a0ec2f0eed2022-01-05 09:18:47.461root 11241100x80000000000000006859013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b058553a94fa7e2022-01-05 09:18:47.461root 11241100x80000000000000006859014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130e1fb0723192c12022-01-05 09:18:47.461root 11241100x80000000000000006859015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf49aba2b44240432022-01-05 09:18:47.461root 11241100x80000000000000006859016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf1378c34f1665d2022-01-05 09:18:47.461root 11241100x80000000000000006859017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607badbe50ad33ab2022-01-05 09:18:47.461root 11241100x80000000000000006859018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd598de8f9861cd2022-01-05 09:18:47.461root 11241100x80000000000000006859019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a929394c8ac1dc6d2022-01-05 09:18:47.461root 11241100x80000000000000006859020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ff60fe85415f512022-01-05 09:18:47.462root 11241100x80000000000000006859021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cad71161996ca42022-01-05 09:18:47.462root 11241100x80000000000000006859022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e199ac946b7f9f9c2022-01-05 09:18:47.462root 11241100x80000000000000006859023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0a279103aa90392022-01-05 09:18:47.462root 11241100x80000000000000006859024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf49323f403445af2022-01-05 09:18:47.462root 11241100x80000000000000006859025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e855024f7692a79f2022-01-05 09:18:47.462root 11241100x80000000000000006859026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e7dffbeaf250152022-01-05 09:18:47.462root 11241100x80000000000000006859027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea0824571f883ca2022-01-05 09:18:47.462root 11241100x80000000000000006859028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ec713e2ea13a432022-01-05 09:18:47.463root 11241100x80000000000000006859029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3cb346c76e56eb2022-01-05 09:18:47.463root 11241100x80000000000000006859030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97afe669f3e6f6fb2022-01-05 09:18:47.463root 11241100x80000000000000006859031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fa3ab2d072e0ae2022-01-05 09:18:47.960root 11241100x80000000000000006859032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa55c3eb76e2ae082022-01-05 09:18:47.960root 11241100x80000000000000006859033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbae0d51f89e4b12022-01-05 09:18:47.960root 11241100x80000000000000006859034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9241455cfdd19d2e2022-01-05 09:18:47.960root 11241100x80000000000000006859035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798eefcc007beeb02022-01-05 09:18:47.961root 11241100x80000000000000006859036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac380572eacc37812022-01-05 09:18:47.961root 11241100x80000000000000006859037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144125b965905f3a2022-01-05 09:18:47.961root 11241100x80000000000000006859038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7189dfb25d58ba452022-01-05 09:18:47.961root 11241100x80000000000000006859039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43901a884cf8d3c2022-01-05 09:18:47.961root 11241100x80000000000000006859040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858ff85f80df91f22022-01-05 09:18:47.961root 11241100x80000000000000006859041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0e93b765faf1312022-01-05 09:18:47.962root 11241100x80000000000000006859042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83142038c37768ab2022-01-05 09:18:47.962root 11241100x80000000000000006859043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54fef45084f6a4e2022-01-05 09:18:47.962root 11241100x80000000000000006859044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d578d6da95831112022-01-05 09:18:47.962root 11241100x80000000000000006859045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5ad82e69cf9cc42022-01-05 09:18:47.962root 11241100x80000000000000006859046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbecea26340d5e32022-01-05 09:18:47.962root 11241100x80000000000000006859047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc877c18f3d1be02022-01-05 09:18:47.962root 11241100x80000000000000006859048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223ddd75c471dc062022-01-05 09:18:47.963root 11241100x80000000000000006859049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4843f63d1af844652022-01-05 09:18:47.963root 11241100x80000000000000006859050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eafe39401a754d72022-01-05 09:18:47.963root 11241100x80000000000000006859051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079f5cacffff4e0e2022-01-05 09:18:47.963root 11241100x80000000000000006859052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1aa07bf2f6f19072022-01-05 09:18:47.963root 11241100x80000000000000006859053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d24fecd5fd2a0252022-01-05 09:18:47.963root 11241100x80000000000000006859054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa319cd1fc1aefb2022-01-05 09:18:47.964root 11241100x80000000000000006859055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232baa2c1a5152d22022-01-05 09:18:47.964root 11241100x80000000000000006859056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:47.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be392c092ce90a52022-01-05 09:18:47.964root 11241100x80000000000000006859057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cffab7b2ff88c62022-01-05 09:18:48.460root 11241100x80000000000000006859058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb282ec91749cc02022-01-05 09:18:48.460root 11241100x80000000000000006859059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1316fde57b992522022-01-05 09:18:48.460root 11241100x80000000000000006859060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ec2d3501f892272022-01-05 09:18:48.460root 11241100x80000000000000006859061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8471de47d6f6035b2022-01-05 09:18:48.460root 11241100x80000000000000006859062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c74543fb7e5f0b2022-01-05 09:18:48.461root 11241100x80000000000000006859063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3440a52965d0d42022-01-05 09:18:48.461root 11241100x80000000000000006859064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414bf948c607bb5f2022-01-05 09:18:48.461root 11241100x80000000000000006859065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d6788a0019a9ba2022-01-05 09:18:48.461root 11241100x80000000000000006859066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ff3b28879d79b62022-01-05 09:18:48.461root 11241100x80000000000000006859067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4357a69673608302022-01-05 09:18:48.461root 11241100x80000000000000006859068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98310bdde4e8c902022-01-05 09:18:48.461root 11241100x80000000000000006859069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00aba603bc94d2d52022-01-05 09:18:48.462root 11241100x80000000000000006859070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999a9b68f931b4372022-01-05 09:18:48.462root 11241100x80000000000000006859071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c387ce3ef313b9502022-01-05 09:18:48.462root 11241100x80000000000000006859072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c45c7f1e601d4b2022-01-05 09:18:48.462root 11241100x80000000000000006859073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314ae285846f21552022-01-05 09:18:48.462root 11241100x80000000000000006859074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1ec21eac46ec2c2022-01-05 09:18:48.462root 11241100x80000000000000006859075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291b5d737ca7ed272022-01-05 09:18:48.462root 11241100x80000000000000006859076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0c14c4ab03d3712022-01-05 09:18:48.463root 11241100x80000000000000006859077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e6df5ebc0c5fc72022-01-05 09:18:48.463root 11241100x80000000000000006859078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce960479493e16d42022-01-05 09:18:48.463root 11241100x80000000000000006859079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80801fffa1137e8a2022-01-05 09:18:48.463root 11241100x80000000000000006859080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951673c271cc2ae62022-01-05 09:18:48.463root 11241100x80000000000000006859081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8ba53dc64f88822022-01-05 09:18:48.463root 11241100x80000000000000006859082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8d6ed4eee9577b2022-01-05 09:18:48.463root 11241100x80000000000000006859083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece083aef72ab1f02022-01-05 09:18:48.960root 11241100x80000000000000006859084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97678b6dd44692f12022-01-05 09:18:48.960root 11241100x80000000000000006859085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b32c6fb0602cbb62022-01-05 09:18:48.960root 11241100x80000000000000006859086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b1a6e84eef1d082022-01-05 09:18:48.960root 11241100x80000000000000006859087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548cf95b9a40a0f22022-01-05 09:18:48.960root 11241100x80000000000000006859088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b883d5412ce14d912022-01-05 09:18:48.960root 11241100x80000000000000006859089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c035b702bf55d3d2022-01-05 09:18:48.961root 11241100x80000000000000006859090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50710c252b5fed122022-01-05 09:18:48.961root 11241100x80000000000000006859091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3d3849b15766bf2022-01-05 09:18:48.961root 11241100x80000000000000006859092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65c269ed4166b3d2022-01-05 09:18:48.961root 11241100x80000000000000006859093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b96387564e18812022-01-05 09:18:48.961root 11241100x80000000000000006859094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8910e944e2ddf4dd2022-01-05 09:18:48.961root 11241100x80000000000000006859095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6452b96e19a1b3392022-01-05 09:18:48.961root 11241100x80000000000000006859096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83830f17a08b5a22022-01-05 09:18:48.961root 11241100x80000000000000006859097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abf84f58d1615d72022-01-05 09:18:48.961root 11241100x80000000000000006859098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cd0c07f02e9e522022-01-05 09:18:48.961root 11241100x80000000000000006859099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dbb4a19c992c8b2022-01-05 09:18:48.962root 11241100x80000000000000006859100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1d323d9838fd892022-01-05 09:18:48.962root 11241100x80000000000000006859101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c447428a25e00142022-01-05 09:18:48.962root 11241100x80000000000000006859102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c23f3a05dc753112022-01-05 09:18:48.962root 11241100x80000000000000006859103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53616e26347b84f2022-01-05 09:18:48.962root 11241100x80000000000000006859104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138b854396eecf182022-01-05 09:18:48.962root 11241100x80000000000000006859105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252155acd54096972022-01-05 09:18:48.962root 11241100x80000000000000006859106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ef31f4a31395432022-01-05 09:18:48.962root 11241100x80000000000000006859107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2f4d52e6f6173f2022-01-05 09:18:48.962root 11241100x80000000000000006859108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b8769316d389f82022-01-05 09:18:48.962root 11241100x80000000000000006859109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0689ed07f20e7e62022-01-05 09:18:49.460root 11241100x80000000000000006859110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5a64d6257de4122022-01-05 09:18:49.460root 11241100x80000000000000006859111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10957b8f4b4b05772022-01-05 09:18:49.460root 11241100x80000000000000006859112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92202742521105c2022-01-05 09:18:49.460root 11241100x80000000000000006859113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9606d72158d00342022-01-05 09:18:49.460root 11241100x80000000000000006859114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498c74f5f5e2baae2022-01-05 09:18:49.461root 11241100x80000000000000006859115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac06c94b6810fc272022-01-05 09:18:49.461root 11241100x80000000000000006859116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc77fbec83cd3e82022-01-05 09:18:49.461root 11241100x80000000000000006859117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747fb37264ac391d2022-01-05 09:18:49.461root 11241100x80000000000000006859118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddef85b7fdf6e4e62022-01-05 09:18:49.461root 11241100x80000000000000006859119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8441630717382e062022-01-05 09:18:49.461root 11241100x80000000000000006859120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a363b8230bcde6252022-01-05 09:18:49.462root 11241100x80000000000000006859121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520b5bdf8d2e80552022-01-05 09:18:49.462root 11241100x80000000000000006859122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b917be4690aa3a2022-01-05 09:18:49.462root 11241100x80000000000000006859123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3a413d54d114962022-01-05 09:18:49.462root 11241100x80000000000000006859124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7bf0a54ab270202022-01-05 09:18:49.462root 11241100x80000000000000006859125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2521a723fb8530392022-01-05 09:18:49.462root 11241100x80000000000000006859126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41792192966808852022-01-05 09:18:49.462root 11241100x80000000000000006859127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668346166149f24f2022-01-05 09:18:49.463root 11241100x80000000000000006859128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a9cc16d422d6fb2022-01-05 09:18:49.463root 11241100x80000000000000006859129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59eed92568283f72022-01-05 09:18:49.463root 11241100x80000000000000006859130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5038792236a2ca12022-01-05 09:18:49.463root 11241100x80000000000000006859131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e92b5692be72f182022-01-05 09:18:49.463root 11241100x80000000000000006859132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb62fd0b9376e302022-01-05 09:18:49.463root 11241100x80000000000000006859133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630d54eb0b5228df2022-01-05 09:18:49.463root 11241100x80000000000000006859134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de9bdc62ec026c62022-01-05 09:18:49.463root 11241100x80000000000000006859135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2324bee4548c21df2022-01-05 09:18:49.960root 11241100x80000000000000006859136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20497757432cd7dc2022-01-05 09:18:49.960root 11241100x80000000000000006859137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc25f113d0a2ac82022-01-05 09:18:49.960root 11241100x80000000000000006859138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7174488e4e02a3292022-01-05 09:18:49.960root 11241100x80000000000000006859139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2f5a76eb92a1862022-01-05 09:18:49.960root 11241100x80000000000000006859140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7071b301affe9c32022-01-05 09:18:49.961root 11241100x80000000000000006859141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74eeb8b60183e91d2022-01-05 09:18:49.961root 11241100x80000000000000006859142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f26fe77f9f917652022-01-05 09:18:49.961root 11241100x80000000000000006859143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b068b6ca4370c42022-01-05 09:18:49.961root 11241100x80000000000000006859144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bdc650d6c6e1db2022-01-05 09:18:49.961root 11241100x80000000000000006859145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09967a4adccbb0022022-01-05 09:18:49.962root 11241100x80000000000000006859146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb8fa4afc64fda72022-01-05 09:18:49.962root 11241100x80000000000000006859147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2920ff7db09c24592022-01-05 09:18:49.962root 11241100x80000000000000006859148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d36c05828946ec2022-01-05 09:18:49.962root 11241100x80000000000000006859149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32deac2c00fc70472022-01-05 09:18:49.962root 11241100x80000000000000006859150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505d445c982018f82022-01-05 09:18:49.962root 11241100x80000000000000006859151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4f050da6f60e482022-01-05 09:18:49.962root 11241100x80000000000000006859152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebde1bf21b4872032022-01-05 09:18:49.962root 11241100x80000000000000006859153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3831ee3bf96d27082022-01-05 09:18:49.962root 11241100x80000000000000006859154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c14477d48c249172022-01-05 09:18:49.962root 11241100x80000000000000006859155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861e6ad4bb7f0b442022-01-05 09:18:49.962root 11241100x80000000000000006859156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f0de3db24bb40c2022-01-05 09:18:49.962root 11241100x80000000000000006859157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46850e4006e8990b2022-01-05 09:18:49.962root 11241100x80000000000000006859158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13688c6121a7d2c42022-01-05 09:18:49.962root 11241100x80000000000000006859159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da503f2f56b66242022-01-05 09:18:49.963root 11241100x80000000000000006859160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:49.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fe1d15b32b69132022-01-05 09:18:49.963root 354300x80000000000000006859161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.190{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40660-false10.0.1.12-8000- 11241100x80000000000000006859162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ede35900c1ac342022-01-05 09:18:50.460root 11241100x80000000000000006859163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29357832c5eb0bd92022-01-05 09:18:50.460root 11241100x80000000000000006859164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3e00a62e04b7a92022-01-05 09:18:50.460root 11241100x80000000000000006859165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ca902a58b051802022-01-05 09:18:50.460root 11241100x80000000000000006859166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7177d854c84b6f2022-01-05 09:18:50.460root 11241100x80000000000000006859167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450a92153ce9375b2022-01-05 09:18:50.460root 11241100x80000000000000006859168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b606e42cb9d5f4e2022-01-05 09:18:50.460root 11241100x80000000000000006859169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6131e0fb28f7672022-01-05 09:18:50.460root 11241100x80000000000000006859170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f690927a92a4748d2022-01-05 09:18:50.460root 11241100x80000000000000006859171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db9908efb6926262022-01-05 09:18:50.461root 11241100x80000000000000006859172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a7cd4b2ca30b152022-01-05 09:18:50.461root 11241100x80000000000000006859173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab2d88185eaff8f2022-01-05 09:18:50.461root 11241100x80000000000000006859174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5dde4ab7a30ae6e2022-01-05 09:18:50.461root 11241100x80000000000000006859175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6943da6aab044d9e2022-01-05 09:18:50.461root 11241100x80000000000000006859176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c313c3ad70c726ea2022-01-05 09:18:50.461root 11241100x80000000000000006859177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c1cf74881b886e2022-01-05 09:18:50.461root 11241100x80000000000000006859178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0ac376e67dc8872022-01-05 09:18:50.461root 11241100x80000000000000006859179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec4ea9be133ab812022-01-05 09:18:50.461root 11241100x80000000000000006859180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7ac5dc2ad20df02022-01-05 09:18:50.461root 11241100x80000000000000006859181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde5e375af6f60a92022-01-05 09:18:50.461root 11241100x80000000000000006859182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7df3f8cb80f4572022-01-05 09:18:50.461root 11241100x80000000000000006859183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce99e9a200a461492022-01-05 09:18:50.461root 11241100x80000000000000006859184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5d8836119d73d12022-01-05 09:18:50.461root 11241100x80000000000000006859185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6263952f6c82b2832022-01-05 09:18:50.461root 11241100x80000000000000006859186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8957f87ae78aee32022-01-05 09:18:50.462root 11241100x80000000000000006859187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee314e9b8c80c3622022-01-05 09:18:50.462root 11241100x80000000000000006859188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44670d01d941f6542022-01-05 09:18:50.462root 11241100x80000000000000006859189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91a879c33e5cc2d2022-01-05 09:18:50.960root 11241100x80000000000000006859190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559d76368d6ee6d92022-01-05 09:18:50.960root 11241100x80000000000000006859191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cb75db1f2ddf142022-01-05 09:18:50.960root 11241100x80000000000000006859192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7090607a194e4d852022-01-05 09:18:50.960root 11241100x80000000000000006859193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12598546c6ff654b2022-01-05 09:18:50.961root 11241100x80000000000000006859194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feaf2a26b65d91812022-01-05 09:18:50.961root 11241100x80000000000000006859195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7846bd0cd4be8ba02022-01-05 09:18:50.961root 11241100x80000000000000006859196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0359b09f798e299e2022-01-05 09:18:50.961root 11241100x80000000000000006859197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323442729c4dd6522022-01-05 09:18:50.961root 11241100x80000000000000006859198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01372e7c30efec2c2022-01-05 09:18:50.961root 11241100x80000000000000006859199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c419dcfcae3870412022-01-05 09:18:50.961root 11241100x80000000000000006859200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a769bf2134d3132022-01-05 09:18:50.961root 11241100x80000000000000006859201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d296ac7913f8762022-01-05 09:18:50.961root 11241100x80000000000000006859202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fb249761b377da2022-01-05 09:18:50.961root 11241100x80000000000000006859203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9982e87b9192b3a2022-01-05 09:18:50.961root 11241100x80000000000000006859204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431d51ef92b704372022-01-05 09:18:50.961root 11241100x80000000000000006859205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da595c6f0038f4952022-01-05 09:18:50.961root 11241100x80000000000000006859206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87c96ebfdab25b32022-01-05 09:18:50.961root 11241100x80000000000000006859207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f408ea43d33d972022-01-05 09:18:50.961root 11241100x80000000000000006859208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11a0cc8d3384d102022-01-05 09:18:50.961root 11241100x80000000000000006859209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db07e649ed587922022-01-05 09:18:50.962root 11241100x80000000000000006859210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31112587c9b58322022-01-05 09:18:50.962root 11241100x80000000000000006859211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6e38a78f0f2a842022-01-05 09:18:50.962root 11241100x80000000000000006859212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddfaad0be90ac022022-01-05 09:18:50.962root 11241100x80000000000000006859213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cb34bed7713d512022-01-05 09:18:50.962root 11241100x80000000000000006859214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf5bdcc0ceeff902022-01-05 09:18:50.962root 11241100x80000000000000006859215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81c3ad3e10d280a2022-01-05 09:18:50.962root 11241100x80000000000000006859216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d616a1a7bc9425622022-01-05 09:18:51.460root 11241100x80000000000000006859217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32159ffec241d4722022-01-05 09:18:51.460root 11241100x80000000000000006859218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c8212a708740a32022-01-05 09:18:51.460root 11241100x80000000000000006859219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5049947051d0f9d72022-01-05 09:18:51.460root 11241100x80000000000000006859220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3f7fb501ace0272022-01-05 09:18:51.461root 11241100x80000000000000006859221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1edcd8fa9bc9f92022-01-05 09:18:51.461root 11241100x80000000000000006859222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a036f876c1d4a12022-01-05 09:18:51.461root 11241100x80000000000000006859223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6de4c18fb2c3b42022-01-05 09:18:51.461root 11241100x80000000000000006859224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6148716bab9b402022-01-05 09:18:51.461root 11241100x80000000000000006859225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e300042dc7dc91632022-01-05 09:18:51.461root 11241100x80000000000000006859226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d865d6a59f40267f2022-01-05 09:18:51.461root 11241100x80000000000000006859227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8a2a08757cb3182022-01-05 09:18:51.461root 11241100x80000000000000006859228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3265cc5dff46f22022-01-05 09:18:51.461root 11241100x80000000000000006859229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a852ab8f965f12912022-01-05 09:18:51.461root 11241100x80000000000000006859230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc3d9487007598f2022-01-05 09:18:51.461root 11241100x80000000000000006859231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e850f59d5ff336772022-01-05 09:18:51.461root 11241100x80000000000000006859232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb0b7a1e897c75c2022-01-05 09:18:51.461root 11241100x80000000000000006859233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4e587015d438ee2022-01-05 09:18:51.461root 11241100x80000000000000006859234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3b09b0e0784add2022-01-05 09:18:51.461root 11241100x80000000000000006859235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b358e741bb02462d2022-01-05 09:18:51.462root 11241100x80000000000000006859236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4efaa00720259e72022-01-05 09:18:51.462root 11241100x80000000000000006859237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c86e8536bee8d552022-01-05 09:18:51.462root 11241100x80000000000000006859238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85692d5730390d502022-01-05 09:18:51.462root 11241100x80000000000000006859239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a707ff85ea14372022-01-05 09:18:51.462root 11241100x80000000000000006859240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eba50adefd76f062022-01-05 09:18:51.462root 11241100x80000000000000006859241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3c274b4b4416eb2022-01-05 09:18:51.462root 11241100x80000000000000006859242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c377f6a119e79bd2022-01-05 09:18:51.462root 11241100x80000000000000006859243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff39830aa37f6bc2022-01-05 09:18:51.960root 11241100x80000000000000006859244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230a70961d429dea2022-01-05 09:18:51.960root 11241100x80000000000000006859245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae6038ec709ac8a2022-01-05 09:18:51.960root 11241100x80000000000000006859246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1483bebadbc8d9e02022-01-05 09:18:51.960root 11241100x80000000000000006859247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2299a0942ac2fcfb2022-01-05 09:18:51.960root 11241100x80000000000000006859248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447a18ee2d6309332022-01-05 09:18:51.960root 11241100x80000000000000006859249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b898c0f721ac8d0e2022-01-05 09:18:51.960root 11241100x80000000000000006859250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aea7a0ff2a82ee22022-01-05 09:18:51.961root 11241100x80000000000000006859251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63de8eb45df408622022-01-05 09:18:51.961root 11241100x80000000000000006859252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29734ce97dbdd7112022-01-05 09:18:51.961root 11241100x80000000000000006859253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec99d585e0d7d2152022-01-05 09:18:51.961root 11241100x80000000000000006859254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d17601331979e962022-01-05 09:18:51.961root 11241100x80000000000000006859255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75bbf31448d1ce02022-01-05 09:18:51.961root 11241100x80000000000000006859256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f56694cd0104cf2022-01-05 09:18:51.961root 11241100x80000000000000006859257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5570e33f83412dd72022-01-05 09:18:51.961root 11241100x80000000000000006859258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dea3dda290b36472022-01-05 09:18:51.961root 11241100x80000000000000006859259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef11fa6fc4bc37e2022-01-05 09:18:51.961root 11241100x80000000000000006859260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b193d25987caf8842022-01-05 09:18:51.961root 11241100x80000000000000006859261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a6c2a8f7c401e52022-01-05 09:18:51.962root 11241100x80000000000000006859262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bcb0541c145fb732022-01-05 09:18:51.962root 11241100x80000000000000006859263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b116518e0f10c262022-01-05 09:18:51.962root 11241100x80000000000000006859264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c03d650a27c6fdf2022-01-05 09:18:51.962root 11241100x80000000000000006859265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9365b0d7833351ae2022-01-05 09:18:51.962root 11241100x80000000000000006859266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f7888af8f8bd0e2022-01-05 09:18:51.962root 11241100x80000000000000006859267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3dd0349eb01aa142022-01-05 09:18:51.962root 11241100x80000000000000006859268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d925f177f6504092022-01-05 09:18:51.962root 11241100x80000000000000006859269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:51.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a87b926b6abe582022-01-05 09:18:51.962root 11241100x80000000000000006859270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412734b2080600be2022-01-05 09:18:52.460root 11241100x80000000000000006859271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66411e3767920c612022-01-05 09:18:52.460root 11241100x80000000000000006859272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1722d425a396da982022-01-05 09:18:52.460root 11241100x80000000000000006859273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd422501810a1f52022-01-05 09:18:52.460root 11241100x80000000000000006859274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ae564980265fae2022-01-05 09:18:52.460root 11241100x80000000000000006859275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c9380f35ea836e2022-01-05 09:18:52.460root 11241100x80000000000000006859276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cd0f63600aeafc2022-01-05 09:18:52.460root 11241100x80000000000000006859277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9fa26715c28aa22022-01-05 09:18:52.461root 11241100x80000000000000006859278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2589afbeea1afd072022-01-05 09:18:52.461root 11241100x80000000000000006859279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30b645b1d3558052022-01-05 09:18:52.461root 11241100x80000000000000006859280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e109b0daf5c1052022-01-05 09:18:52.461root 11241100x80000000000000006859281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eca2bf6dcabc02a2022-01-05 09:18:52.461root 11241100x80000000000000006859282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fa51ef098589262022-01-05 09:18:52.461root 11241100x80000000000000006859283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d45ecda6d377342022-01-05 09:18:52.461root 11241100x80000000000000006859284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91eb5543b0a9f8692022-01-05 09:18:52.461root 11241100x80000000000000006859285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ca62688512ddb72022-01-05 09:18:52.461root 11241100x80000000000000006859286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900a5df76b4f71802022-01-05 09:18:52.461root 11241100x80000000000000006859287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fb855dfde0f3332022-01-05 09:18:52.461root 11241100x80000000000000006859288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28bff6afed4fb582022-01-05 09:18:52.461root 11241100x80000000000000006859289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba9e8e8eebb48692022-01-05 09:18:52.462root 11241100x80000000000000006859290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7b87e7458617452022-01-05 09:18:52.462root 11241100x80000000000000006859291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9016c2ff4682912022-01-05 09:18:52.462root 11241100x80000000000000006859292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeafd7e9b84c748c2022-01-05 09:18:52.462root 11241100x80000000000000006859293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe990d3707827e372022-01-05 09:18:52.462root 11241100x80000000000000006859294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710a86a78f750ff32022-01-05 09:18:52.462root 11241100x80000000000000006859295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47d72048a327dae2022-01-05 09:18:52.462root 11241100x80000000000000006859296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233c68d69396e08d2022-01-05 09:18:52.462root 11241100x80000000000000006859297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d32f1f18f0c5572022-01-05 09:18:52.960root 11241100x80000000000000006859298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca863b74644d7dde2022-01-05 09:18:52.960root 11241100x80000000000000006859299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac24e1c2650fc7a2022-01-05 09:18:52.960root 11241100x80000000000000006859300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a49fff4dd43b7002022-01-05 09:18:52.960root 11241100x80000000000000006859301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed0dd64c40503f32022-01-05 09:18:52.960root 11241100x80000000000000006859302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c1a916cb53ee592022-01-05 09:18:52.960root 11241100x80000000000000006859303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46557037663108db2022-01-05 09:18:52.960root 11241100x80000000000000006859304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4f537493aebc382022-01-05 09:18:52.960root 11241100x80000000000000006859305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4b2e06030a41f12022-01-05 09:18:52.960root 11241100x80000000000000006859306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a426ff05ac5f83332022-01-05 09:18:52.961root 11241100x80000000000000006859307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:18:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac028eee13b6c382022-01-05 09:18:52.961root 354300x80000000000000006859339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:01.018{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40664-false10.0.1.12-8000- 11241100x80000000000000006859340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:01.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac93499338dce322022-01-05 09:19:01.459root 11241100x80000000000000006859341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b10e62d7748d6652022-01-05 09:19:01.959root 23542300x80000000000000006859342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:02.403{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006859343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:02.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c913d3c4e561a2ac2022-01-05 09:19:02.404root 11241100x80000000000000006859344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:02.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bdc9a1bdc2f3f22022-01-05 09:19:02.709root 11241100x80000000000000006859345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:02.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28797cf160534dd72022-01-05 09:19:02.709root 11241100x80000000000000006859346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07c466df13b65d62022-01-05 09:19:03.209root 11241100x80000000000000006859347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1568f4482e5aff7b2022-01-05 09:19:03.209root 11241100x80000000000000006859348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:03.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be9a74dfbe12b5d2022-01-05 09:19:03.709root 11241100x80000000000000006859349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:03.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef7bd71d0845a042022-01-05 09:19:03.709root 11241100x80000000000000006859350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:04.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8b45e0d84257952022-01-05 09:19:04.209root 11241100x80000000000000006859351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:04.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3b51a83cb60ed22022-01-05 09:19:04.209root 11241100x80000000000000006859352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:04.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce137d589c63de42022-01-05 09:19:04.709root 11241100x80000000000000006859353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:04.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a407d781db98dd8c2022-01-05 09:19:04.709root 154100x80000000000000006859354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:04.782{ec2e79f3-6288-61d5-6864-0f76bd550000}22916/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 534500x80000000000000006859355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:04.793{ec2e79f3-6288-61d5-6864-0f76bd550000}22916/bin/psroot 11241100x80000000000000006859356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:05.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d9620f446db6862022-01-05 09:19:05.209root 11241100x80000000000000006859357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:05.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19e38f2dc5f999c2022-01-05 09:19:05.209root 11241100x80000000000000006859358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:05.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625285c165cab1732022-01-05 09:19:05.209root 11241100x80000000000000006859359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:05.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7300056c0284416e2022-01-05 09:19:05.209root 11241100x80000000000000006859360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:05.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2504ace30e8f5e1d2022-01-05 09:19:05.709root 11241100x80000000000000006859361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:05.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54277af64d83bea12022-01-05 09:19:05.709root 11241100x80000000000000006859362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:05.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e067e7be4dbfb2382022-01-05 09:19:05.709root 11241100x80000000000000006859363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:05.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd26e4851241d78d2022-01-05 09:19:05.709root 11241100x80000000000000006859364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:06.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249c13aaebe208af2022-01-05 09:19:06.209root 11241100x80000000000000006859365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:06.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf66f0b2bd4752572022-01-05 09:19:06.209root 11241100x80000000000000006859366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:06.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167778df691eac762022-01-05 09:19:06.209root 11241100x80000000000000006859367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:06.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200f6682610abcc92022-01-05 09:19:06.209root 354300x80000000000000006859368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:06.247{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40666-false10.0.1.12-8000- 11241100x80000000000000006859369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:06.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1fece1798aceaf2022-01-05 09:19:06.709root 11241100x80000000000000006859370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:06.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64c7e5a47fbbf782022-01-05 09:19:06.709root 11241100x80000000000000006859371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:06.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c3a826e9d9eaaa2022-01-05 09:19:06.709root 11241100x80000000000000006859372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:06.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0292fc059e0d29d2022-01-05 09:19:06.709root 11241100x80000000000000006859373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:06.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79548f73c80fef52022-01-05 09:19:06.709root 11241100x80000000000000006859374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da78870e339cf0512022-01-05 09:19:07.209root 11241100x80000000000000006859375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163249d48efe85372022-01-05 09:19:07.209root 11241100x80000000000000006859376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93088430d9f408de2022-01-05 09:19:07.209root 11241100x80000000000000006859377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ef5a08d51898b82022-01-05 09:19:07.209root 11241100x80000000000000006859378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5af596f8c739b902022-01-05 09:19:07.209root 11241100x80000000000000006859379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385c90e3ad6712672022-01-05 09:19:07.709root 11241100x80000000000000006859380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b0b473b9563d0f2022-01-05 09:19:07.709root 11241100x80000000000000006859381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793fe60ef2aa91ec2022-01-05 09:19:07.709root 11241100x80000000000000006859382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48ffbc3687d734a2022-01-05 09:19:07.709root 11241100x80000000000000006859383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37c8f624f3e2dee2022-01-05 09:19:07.709root 534500x80000000000000006859384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.162{00000000-0000-0000-0000-000000000000}22917<unknown process>ubuntu 11241100x80000000000000006859385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.163{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6857ac3be0fbe2c72022-01-05 09:19:08.163root 11241100x80000000000000006859386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.163{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a376ad0b690406432022-01-05 09:19:08.163root 11241100x80000000000000006859387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4f19667a5ef7342022-01-05 09:19:08.164root 11241100x80000000000000006859388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a828ed1ccc41e7232022-01-05 09:19:08.164root 534500x80000000000000006859389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.164{ec2e79f3-620d-61d5-0000-000000000000}22918-ubuntu 11241100x80000000000000006859390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd15524ce39481f52022-01-05 09:19:08.165root 11241100x80000000000000006859391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.165{ec2e79f3-5fe4-61d5-08b4-fae256550000}17361/bin/bash/tmp/sh-thd.06bB7c2022-01-05 09:19:08.165ubuntu 23542300x80000000000000006859392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.165{ec2e79f3-5fe4-61d5-08b4-fae256550000}17361ubuntu/bin/bash/tmp/sh-thd.06bB7c--- 11241100x80000000000000006859393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bb978ba6d74a882022-01-05 09:19:08.165root 11241100x80000000000000006859394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530fde33ed6fab352022-01-05 09:19:08.459root 11241100x80000000000000006859395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9980b284faa76b02022-01-05 09:19:08.459root 11241100x80000000000000006859396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7daeb73fd412a8642022-01-05 09:19:08.459root 11241100x80000000000000006859397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29404e3cc5f12fd92022-01-05 09:19:08.459root 11241100x80000000000000006859398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ba863eee007f212022-01-05 09:19:08.459root 11241100x80000000000000006859399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1078c262aae624bf2022-01-05 09:19:08.460root 11241100x80000000000000006859400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c52e0ecf79496512022-01-05 09:19:08.460root 11241100x80000000000000006859401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0ac1a555bbc65e2022-01-05 09:19:08.460root 11241100x80000000000000006859402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759ada264a2b7d4c2022-01-05 09:19:08.460root 11241100x80000000000000006859403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b7ca083e4ef9f22022-01-05 09:19:08.959root 11241100x80000000000000006859404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a78eca2b4762db2022-01-05 09:19:08.959root 11241100x80000000000000006859405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c234017549debb2022-01-05 09:19:08.959root 11241100x80000000000000006859406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4b3cbaf35546992022-01-05 09:19:08.959root 11241100x80000000000000006859407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e9211da7c7f9f82022-01-05 09:19:08.959root 11241100x80000000000000006859408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111b0943dbe4f3382022-01-05 09:19:08.960root 11241100x80000000000000006859409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297472af98a1b0252022-01-05 09:19:08.960root 11241100x80000000000000006859410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eeef11fe6c1df962022-01-05 09:19:08.960root 11241100x80000000000000006859411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d364486e4abd07d2022-01-05 09:19:08.960root 11241100x80000000000000006859412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6d1d436949e8532022-01-05 09:19:09.459root 11241100x80000000000000006859413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c2c329dccf98192022-01-05 09:19:09.460root 11241100x80000000000000006859414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03748221138ae9f2022-01-05 09:19:09.460root 11241100x80000000000000006859415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8de4851fcb912d2022-01-05 09:19:09.460root 11241100x80000000000000006859416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f7957b73cf922f2022-01-05 09:19:09.460root 11241100x80000000000000006859417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d19c31755111fc52022-01-05 09:19:09.460root 11241100x80000000000000006859418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4839e94084eec66f2022-01-05 09:19:09.460root 11241100x80000000000000006859419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957e13c70462d4c62022-01-05 09:19:09.460root 11241100x80000000000000006859420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ae140c0ac9f9e42022-01-05 09:19:09.460root 154100x80000000000000006859421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.851{ec2e79f3-628d-61d5-d0d9-083fe9550000}22919/bin/cat-----cat /etc/groups/home/ubuntu/doasubuntu{ec2e79f3-5fe4-61d5-e803-000000000000}100058no level-{ec2e79f3-5fe4-61d5-08b4-fae256550000}17361/bin/bash-bashubuntu 534500x80000000000000006859422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.852{ec2e79f3-628d-61d5-d0d9-083fe9550000}22919/bin/catubuntu 11241100x80000000000000006859423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.852{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071193e82d4f8dd62022-01-05 09:19:09.852root 11241100x80000000000000006859424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.852{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cc56856dd0258b2022-01-05 09:19:09.852root 11241100x80000000000000006859425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.852{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc96c2cde1824b12022-01-05 09:19:09.852root 11241100x80000000000000006859426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.852{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f643b1b241063b2022-01-05 09:19:09.852root 11241100x80000000000000006859427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.853{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533f3e469ea1def52022-01-05 09:19:09.853root 11241100x80000000000000006859428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.853{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493b267284a547122022-01-05 09:19:09.853root 11241100x80000000000000006859429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.853{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6380ab6840958a1b2022-01-05 09:19:09.853root 11241100x80000000000000006859430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.853{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65be77334af03a532022-01-05 09:19:09.853root 11241100x80000000000000006859431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.853{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8e14e2204729a72022-01-05 09:19:09.853root 11241100x80000000000000006859432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:09.853{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e370234ee626122022-01-05 09:19:09.853root 11241100x80000000000000006859433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a70c9e4605f2b92022-01-05 09:19:10.209root 11241100x80000000000000006859434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7d9a2762b3f3af2022-01-05 09:19:10.209root 11241100x80000000000000006859435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28afd6e6e4fdacb2022-01-05 09:19:10.210root 11241100x80000000000000006859436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9592d2e9ed17aa3a2022-01-05 09:19:10.210root 11241100x80000000000000006859437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cb1148a2aa02262022-01-05 09:19:10.210root 11241100x80000000000000006859438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629bf23f761127d72022-01-05 09:19:10.210root 11241100x80000000000000006859439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e00e208f29cd5fd2022-01-05 09:19:10.210root 11241100x80000000000000006859440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb1744572977faa2022-01-05 09:19:10.210root 11241100x80000000000000006859441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4009075d60134da2022-01-05 09:19:10.210root 11241100x80000000000000006859442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ab0e2740deadfe2022-01-05 09:19:10.210root 11241100x80000000000000006859443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e670ec31ac2ea51e2022-01-05 09:19:10.210root 11241100x80000000000000006859444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e0bf67a52dd7312022-01-05 09:19:10.709root 11241100x80000000000000006859445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5318d18ae9365c5e2022-01-05 09:19:10.709root 11241100x80000000000000006859446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7323cef83103a882022-01-05 09:19:10.709root 11241100x80000000000000006859447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b5be74a8e20e052022-01-05 09:19:10.710root 11241100x80000000000000006859448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410c97a9a8f801942022-01-05 09:19:10.710root 11241100x80000000000000006859449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792e366eb871782f2022-01-05 09:19:10.710root 11241100x80000000000000006859450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0d29d7e779df162022-01-05 09:19:10.710root 11241100x80000000000000006859451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd759dea28f922b02022-01-05 09:19:10.710root 11241100x80000000000000006859452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234c60abecfdc9b02022-01-05 09:19:10.710root 11241100x80000000000000006859453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f78307ecb5b35c2022-01-05 09:19:10.710root 11241100x80000000000000006859454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82ca25710c2453d2022-01-05 09:19:10.710root 11241100x80000000000000006859455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648a981fe351e35b2022-01-05 09:19:11.209root 11241100x80000000000000006859456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2385a68ffb1d882022-01-05 09:19:11.209root 11241100x80000000000000006859457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ead2b4824313b492022-01-05 09:19:11.209root 11241100x80000000000000006859458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de73cd0eab88b8e92022-01-05 09:19:11.210root 11241100x80000000000000006859459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece1a3edea1e83fd2022-01-05 09:19:11.210root 11241100x80000000000000006859460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd67840754a271242022-01-05 09:19:11.210root 11241100x80000000000000006859461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9699dcf0e7ca612022-01-05 09:19:11.210root 11241100x80000000000000006859462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13148048c8362a62022-01-05 09:19:11.210root 11241100x80000000000000006859463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f56e760703acbba2022-01-05 09:19:11.210root 11241100x80000000000000006859464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48b05c82512bd7e2022-01-05 09:19:11.210root 11241100x80000000000000006859465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b91b6c68ef4eca22022-01-05 09:19:11.210root 11241100x80000000000000006859466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80478ca6eaa41d922022-01-05 09:19:11.709root 11241100x80000000000000006859467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774314883cb4000d2022-01-05 09:19:11.709root 11241100x80000000000000006859468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca863c5b3ad5aa42022-01-05 09:19:11.709root 11241100x80000000000000006859469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7300dd1aafbe70c92022-01-05 09:19:11.710root 11241100x80000000000000006859470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d6c889160d16292022-01-05 09:19:11.710root 11241100x80000000000000006859471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ed699c69f010b12022-01-05 09:19:11.710root 11241100x80000000000000006859472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69aeab9b6dc2e93f2022-01-05 09:19:11.710root 11241100x80000000000000006859473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6540aabe9ac2922022-01-05 09:19:11.710root 11241100x80000000000000006859474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239a928e8d1679da2022-01-05 09:19:11.710root 11241100x80000000000000006859475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f253ff88b339754e2022-01-05 09:19:11.710root 11241100x80000000000000006859476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7018e28d52cec62f2022-01-05 09:19:11.710root 354300x80000000000000006859477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.151{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40668-false10.0.1.12-8000- 11241100x80000000000000006859478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.152{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfcf3d84c75f2672022-01-05 09:19:12.152root 11241100x80000000000000006859479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.152{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00c3689ac83c2d72022-01-05 09:19:12.152root 11241100x80000000000000006859480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.152{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f423bbe2e9c7e9c52022-01-05 09:19:12.152root 11241100x80000000000000006859481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.152{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f298324b73cf9232022-01-05 09:19:12.152root 11241100x80000000000000006859482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.152{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7371c17de22fe12022-01-05 09:19:12.152root 11241100x80000000000000006859483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.152{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74db5984a2f743802022-01-05 09:19:12.152root 11241100x80000000000000006859484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.152{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde29e256002ef3f2022-01-05 09:19:12.152root 11241100x80000000000000006859485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.153{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0828398a33fe702022-01-05 09:19:12.153root 11241100x80000000000000006859486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.153{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fbd13f709563c92022-01-05 09:19:12.153root 11241100x80000000000000006859487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.153{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6158373c6a9ac2542022-01-05 09:19:12.153root 11241100x80000000000000006859488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.153{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b01d9cbc5eb2d672022-01-05 09:19:12.153root 11241100x80000000000000006859489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.153{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3baf2e144e6a5c2022-01-05 09:19:12.153root 11241100x80000000000000006859490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c156f698a29262e2022-01-05 09:19:12.459root 11241100x80000000000000006859491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c812ea6291974d52022-01-05 09:19:12.459root 11241100x80000000000000006859492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300f8cc1f5cc47442022-01-05 09:19:12.459root 11241100x80000000000000006859493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e1ab98cb230bab2022-01-05 09:19:12.460root 11241100x80000000000000006859494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec44f39d94ef544d2022-01-05 09:19:12.460root 11241100x80000000000000006859495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e26c3e296813912022-01-05 09:19:12.460root 11241100x80000000000000006859496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23480107b69eeb62022-01-05 09:19:12.460root 11241100x80000000000000006859497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351543330c02cfd02022-01-05 09:19:12.460root 11241100x80000000000000006859498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d6d859ce7104112022-01-05 09:19:12.460root 11241100x80000000000000006859499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528eb9a3d38d485b2022-01-05 09:19:12.460root 11241100x80000000000000006859500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746cae6c744b01c52022-01-05 09:19:12.460root 11241100x80000000000000006859501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a41e107e92f316d2022-01-05 09:19:12.460root 11241100x80000000000000006859502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40d25839aacdd5a2022-01-05 09:19:12.959root 11241100x80000000000000006859503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b416745dd00a887d2022-01-05 09:19:12.960root 11241100x80000000000000006859504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a28087937f09752022-01-05 09:19:12.960root 11241100x80000000000000006859505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed83d6194d7a83882022-01-05 09:19:12.960root 11241100x80000000000000006859506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b6ce6a180c1bc52022-01-05 09:19:12.960root 11241100x80000000000000006859507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4123a779e0d268432022-01-05 09:19:12.960root 11241100x80000000000000006859508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8c4497e040b31e2022-01-05 09:19:12.960root 11241100x80000000000000006859509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56591ca11410ee832022-01-05 09:19:12.960root 11241100x80000000000000006859510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4e4dfb012a1b9c2022-01-05 09:19:12.960root 11241100x80000000000000006859511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9461df7e0585a122022-01-05 09:19:12.960root 11241100x80000000000000006859512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3395f035ee0beffa2022-01-05 09:19:12.960root 11241100x80000000000000006859513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e718f9dda950022022-01-05 09:19:12.960root 11241100x80000000000000006859514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f2cf05e33451ec2022-01-05 09:19:13.459root 11241100x80000000000000006859515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3d16be92cbb8e62022-01-05 09:19:13.459root 11241100x80000000000000006859516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4e5bb26dbb598d2022-01-05 09:19:13.459root 11241100x80000000000000006859517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f063fe5a6f24854e2022-01-05 09:19:13.460root 11241100x80000000000000006859518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cf7e8272a4a5cb2022-01-05 09:19:13.460root 11241100x80000000000000006859519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c0caae8659f63e2022-01-05 09:19:13.460root 11241100x80000000000000006859520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faede841c9942aa92022-01-05 09:19:13.460root 11241100x80000000000000006859521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380005b28e53fa8e2022-01-05 09:19:13.460root 11241100x80000000000000006859522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c515bed68f86a02022-01-05 09:19:13.460root 11241100x80000000000000006859523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5334db6171a09a4e2022-01-05 09:19:13.460root 11241100x80000000000000006859524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abde228f2e9632942022-01-05 09:19:13.460root 11241100x80000000000000006859525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5d6202237d2da62022-01-05 09:19:13.460root 11241100x80000000000000006859526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7cee5643f1478a2022-01-05 09:19:13.959root 11241100x80000000000000006859527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e53efcdeeeaff0a2022-01-05 09:19:13.959root 11241100x80000000000000006859528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78676431de048e6e2022-01-05 09:19:13.959root 11241100x80000000000000006859529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef282cbb12a3a5192022-01-05 09:19:13.960root 11241100x80000000000000006859530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68acb751d2a267f2022-01-05 09:19:13.960root 11241100x80000000000000006859531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d22e53e607873a62022-01-05 09:19:13.960root 11241100x80000000000000006859532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bd15af66d392d32022-01-05 09:19:13.960root 11241100x80000000000000006859533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92303d5596ff6f352022-01-05 09:19:13.960root 11241100x80000000000000006859534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72eb640cc7e68e302022-01-05 09:19:13.960root 11241100x80000000000000006859535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b226dfb20b1875632022-01-05 09:19:13.960root 11241100x80000000000000006859536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f0780e9e271a272022-01-05 09:19:13.960root 11241100x80000000000000006859537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9da5166ef6d85de2022-01-05 09:19:13.960root 11241100x80000000000000006859538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd4c9c3ee0fa6642022-01-05 09:19:14.459root 11241100x80000000000000006859539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebc4f5f7a61f13d2022-01-05 09:19:14.459root 11241100x80000000000000006859540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bc8c23a8797f6a2022-01-05 09:19:14.459root 11241100x80000000000000006859541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a67074e9ba531d22022-01-05 09:19:14.460root 11241100x80000000000000006859542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a592a74694d583ef2022-01-05 09:19:14.460root 11241100x80000000000000006859543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a0c80f9e9326402022-01-05 09:19:14.460root 11241100x80000000000000006859544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c75a204b5bc23662022-01-05 09:19:14.460root 11241100x80000000000000006859545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fe1190bb296d762022-01-05 09:19:14.460root 11241100x80000000000000006859546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f576ca1c43984982022-01-05 09:19:14.460root 11241100x80000000000000006859547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a412f44260ce632022-01-05 09:19:14.460root 11241100x80000000000000006859548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e03738ca1b62752022-01-05 09:19:14.460root 11241100x80000000000000006859549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a07cfd7675ef6d32022-01-05 09:19:14.460root 11241100x80000000000000006859550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536354ec4a773a152022-01-05 09:19:14.959root 11241100x80000000000000006859551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c6465c49318fc42022-01-05 09:19:14.959root 11241100x80000000000000006859552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fbee70b0794c582022-01-05 09:19:14.959root 11241100x80000000000000006859553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611b9f17111377f92022-01-05 09:19:14.960root 11241100x80000000000000006859554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8240fcaedefc1d82022-01-05 09:19:14.960root 11241100x80000000000000006859555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37e504108ed280c2022-01-05 09:19:14.960root 11241100x80000000000000006859556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce194d0603a29d4b2022-01-05 09:19:14.960root 11241100x80000000000000006859557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0118bd3fd471882022-01-05 09:19:14.960root 11241100x80000000000000006859558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b362f9a9efaeed2022-01-05 09:19:14.960root 11241100x80000000000000006859559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aca0c250b62df5e2022-01-05 09:19:14.960root 11241100x80000000000000006859560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa1d11a13c07c962022-01-05 09:19:14.960root 11241100x80000000000000006859561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf99676e38e5d782022-01-05 09:19:14.960root 11241100x80000000000000006859562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a10ec49595f14132022-01-05 09:19:15.459root 11241100x80000000000000006859563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef90877f1e23cf52022-01-05 09:19:15.459root 11241100x80000000000000006859564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52eade1eae2b071e2022-01-05 09:19:15.460root 11241100x80000000000000006859565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac2d947c8582af82022-01-05 09:19:15.460root 11241100x80000000000000006859566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf8483036f475922022-01-05 09:19:15.460root 11241100x80000000000000006859567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3645ba1c10cfc582022-01-05 09:19:15.460root 11241100x80000000000000006859568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d1d96f69c5efa12022-01-05 09:19:15.460root 11241100x80000000000000006859569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927e0cef4222951d2022-01-05 09:19:15.460root 11241100x80000000000000006859570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff0a447f9da67582022-01-05 09:19:15.460root 11241100x80000000000000006859571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e766b089a7d86c932022-01-05 09:19:15.460root 11241100x80000000000000006859572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547446e8c81adbef2022-01-05 09:19:15.461root 11241100x80000000000000006859573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386d897a04dd19192022-01-05 09:19:15.461root 11241100x80000000000000006859574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b88dd2893449de2022-01-05 09:19:15.959root 11241100x80000000000000006859575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e1f31c677f86892022-01-05 09:19:15.959root 11241100x80000000000000006859576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6421749a9ac2162022-01-05 09:19:15.960root 11241100x80000000000000006859577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6170a37f9755ab2022-01-05 09:19:15.960root 11241100x80000000000000006859578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6479e04c46ed1ee02022-01-05 09:19:15.960root 11241100x80000000000000006859579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978352b5db199c962022-01-05 09:19:15.960root 11241100x80000000000000006859580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620661cdc9266ece2022-01-05 09:19:15.960root 11241100x80000000000000006859581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7daa951dc674dfa2022-01-05 09:19:15.960root 11241100x80000000000000006859582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598fdc5d52aa71362022-01-05 09:19:15.960root 11241100x80000000000000006859583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769545d58a5ebadf2022-01-05 09:19:15.960root 11241100x80000000000000006859584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c961c2fbba1d5fed2022-01-05 09:19:15.960root 11241100x80000000000000006859585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8baeb3ca78fd6922022-01-05 09:19:15.960root 11241100x80000000000000006859586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7da2da3f25495212022-01-05 09:19:16.460root 11241100x80000000000000006859587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b54dc678fb98622022-01-05 09:19:16.460root 11241100x80000000000000006859588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10d224d54562c462022-01-05 09:19:16.460root 11241100x80000000000000006859589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d5c3c7657647322022-01-05 09:19:16.460root 11241100x80000000000000006859590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d637746b29170df62022-01-05 09:19:16.460root 11241100x80000000000000006859591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13126bf5711f0c022022-01-05 09:19:16.460root 11241100x80000000000000006859592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9ff512137de7742022-01-05 09:19:16.460root 11241100x80000000000000006859593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88b8cb7742df8752022-01-05 09:19:16.460root 11241100x80000000000000006859594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec04df261d4b4ad92022-01-05 09:19:16.460root 11241100x80000000000000006859595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa3cfa597942a972022-01-05 09:19:16.461root 11241100x80000000000000006859596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5920bb8802b294bb2022-01-05 09:19:16.461root 11241100x80000000000000006859597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5952fe8944ced8e02022-01-05 09:19:16.461root 11241100x80000000000000006859598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467e0c4f87c1928c2022-01-05 09:19:16.959root 11241100x80000000000000006859599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e317432c36eb4692022-01-05 09:19:16.959root 11241100x80000000000000006859600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070da3ebba15a4262022-01-05 09:19:16.960root 11241100x80000000000000006859601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698f997e6750a0e52022-01-05 09:19:16.960root 11241100x80000000000000006859602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f9a726e21d909d2022-01-05 09:19:16.960root 11241100x80000000000000006859603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1274881e41312f32022-01-05 09:19:16.960root 11241100x80000000000000006859604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d641db0a09b3b52022-01-05 09:19:16.960root 11241100x80000000000000006859605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e6c6748eec8ac62022-01-05 09:19:16.960root 11241100x80000000000000006859606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2d8316d9e689ba2022-01-05 09:19:16.960root 11241100x80000000000000006859607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe67b27799286b22022-01-05 09:19:16.960root 11241100x80000000000000006859608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec112a1549a774f32022-01-05 09:19:16.960root 11241100x80000000000000006859609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a6b9839c30ba702022-01-05 09:19:16.960root 11241100x80000000000000006859610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa43911a9e3f4f32022-01-05 09:19:17.459root 11241100x80000000000000006859611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5114cff893ed7302022-01-05 09:19:17.459root 11241100x80000000000000006859612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14eb8038717850e2022-01-05 09:19:17.459root 11241100x80000000000000006859613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e15a2ed98b469d2022-01-05 09:19:17.460root 11241100x80000000000000006859614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70436d7b45ef0172022-01-05 09:19:17.460root 11241100x80000000000000006859615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5671840a09fd8e2022-01-05 09:19:17.460root 11241100x80000000000000006859616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1121700a83d7ec2022-01-05 09:19:17.460root 11241100x80000000000000006859617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49c6fc7def434692022-01-05 09:19:17.460root 11241100x80000000000000006859618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3729ec1c7d3958652022-01-05 09:19:17.460root 11241100x80000000000000006859619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eec9c7406f9a58e2022-01-05 09:19:17.460root 11241100x80000000000000006859620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55d730af8f05e752022-01-05 09:19:17.460root 11241100x80000000000000006859621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba8b514c1c397b92022-01-05 09:19:17.460root 11241100x80000000000000006859622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07c6d54f6593c1e2022-01-05 09:19:17.959root 11241100x80000000000000006859623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c03207f00c16d62022-01-05 09:19:17.959root 11241100x80000000000000006859624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4732af1e2922ec122022-01-05 09:19:17.960root 11241100x80000000000000006859625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85855335bb8ded0a2022-01-05 09:19:17.960root 11241100x80000000000000006859626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be0000c4e465a042022-01-05 09:19:17.960root 11241100x80000000000000006859627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb0a75ef3ad52e52022-01-05 09:19:17.960root 11241100x80000000000000006859628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300419221c45f39e2022-01-05 09:19:17.960root 11241100x80000000000000006859629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70be2c745144a2c62022-01-05 09:19:17.960root 11241100x80000000000000006859630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1f0e6364920ef12022-01-05 09:19:17.960root 11241100x80000000000000006859631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53678cf44aa6a0222022-01-05 09:19:17.960root 11241100x80000000000000006859632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a2a252cef53e422022-01-05 09:19:17.960root 11241100x80000000000000006859633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b88db14915afef2022-01-05 09:19:17.960root 354300x80000000000000006859634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.079{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40670-false10.0.1.12-8000- 11241100x80000000000000006859635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6b62e22521fe7f2022-01-05 09:19:18.459root 11241100x80000000000000006859636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca94323229df3f5f2022-01-05 09:19:18.460root 11241100x80000000000000006859637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea20bd0ba18e9852022-01-05 09:19:18.460root 11241100x80000000000000006859638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1315654ced455b22022-01-05 09:19:18.460root 11241100x80000000000000006859639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdcbe5b35cff97f2022-01-05 09:19:18.460root 11241100x80000000000000006859640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e9ee58b780f1ff2022-01-05 09:19:18.460root 11241100x80000000000000006859641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d337a0469eac4d2022-01-05 09:19:18.460root 11241100x80000000000000006859642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0494bd0f141365802022-01-05 09:19:18.460root 11241100x80000000000000006859643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbfa899f549b42a2022-01-05 09:19:18.460root 11241100x80000000000000006859644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efb7d30219e55382022-01-05 09:19:18.460root 11241100x80000000000000006859645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bcfdb6d8628d672022-01-05 09:19:18.460root 11241100x80000000000000006859646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02edd0bb8eeacbb2022-01-05 09:19:18.460root 11241100x80000000000000006859647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8030ccf67773b95c2022-01-05 09:19:18.460root 11241100x80000000000000006859648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f03986118c68eb2022-01-05 09:19:18.959root 11241100x80000000000000006859649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd4d88c4cb759cb2022-01-05 09:19:18.960root 11241100x80000000000000006859650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d2e6ce5b7e24bd2022-01-05 09:19:18.960root 11241100x80000000000000006859651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f99e299a062ca62022-01-05 09:19:18.960root 11241100x80000000000000006859652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9120554c2c133ef2022-01-05 09:19:18.960root 11241100x80000000000000006859653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692889112f7bab9c2022-01-05 09:19:18.960root 11241100x80000000000000006859654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fb06dcaad656bb2022-01-05 09:19:18.960root 11241100x80000000000000006859655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e1fcfefca4d0082022-01-05 09:19:18.960root 11241100x80000000000000006859656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431e1e1da38546012022-01-05 09:19:18.960root 11241100x80000000000000006859657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a61acde4cf174b62022-01-05 09:19:18.960root 11241100x80000000000000006859658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c16be29669b1f5f2022-01-05 09:19:18.960root 11241100x80000000000000006859659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774fedce410b416b2022-01-05 09:19:18.960root 11241100x80000000000000006859660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eff7302bcedabdd2022-01-05 09:19:18.961root 11241100x80000000000000006859661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a5bdbc498b4e9a2022-01-05 09:19:19.460root 11241100x80000000000000006859662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f1fd9e04f9008e2022-01-05 09:19:19.460root 11241100x80000000000000006859663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256a0f241bdad68c2022-01-05 09:19:19.460root 11241100x80000000000000006859664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7f2b97ff8071bb2022-01-05 09:19:19.460root 11241100x80000000000000006859665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3642c3bb6b921c2022-01-05 09:19:19.460root 11241100x80000000000000006859666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac00bc6ca2585a1e2022-01-05 09:19:19.460root 11241100x80000000000000006859667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e349b711fa1675af2022-01-05 09:19:19.460root 11241100x80000000000000006859668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128b177eac3ea7ca2022-01-05 09:19:19.460root 11241100x80000000000000006859669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5496ade4883308792022-01-05 09:19:19.462root 11241100x80000000000000006859670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdb80a0184526222022-01-05 09:19:19.462root 11241100x80000000000000006859671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d0bb8ffda7a4662022-01-05 09:19:19.462root 11241100x80000000000000006859672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a023f9e309030452022-01-05 09:19:19.462root 11241100x80000000000000006859673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f67795b00eb60532022-01-05 09:19:19.462root 11241100x80000000000000006859674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676a54387d0371da2022-01-05 09:19:19.959root 11241100x80000000000000006859675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff216b1dce5b20b2022-01-05 09:19:19.959root 11241100x80000000000000006859676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f94a42349aa473e2022-01-05 09:19:19.960root 11241100x80000000000000006859677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e2d5f7257076062022-01-05 09:19:19.960root 11241100x80000000000000006859678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8816e4d60de2192022-01-05 09:19:19.960root 11241100x80000000000000006859679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cd3ad183e748462022-01-05 09:19:19.960root 11241100x80000000000000006859680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00753459538efc892022-01-05 09:19:19.960root 11241100x80000000000000006859681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a5b4f701ccced12022-01-05 09:19:19.960root 11241100x80000000000000006859682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e4f27dcbc844fb2022-01-05 09:19:19.960root 11241100x80000000000000006859683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0b4cf970ac32e82022-01-05 09:19:19.960root 11241100x80000000000000006859684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de361f56f960c352022-01-05 09:19:19.960root 11241100x80000000000000006859685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a14633741bb8b22022-01-05 09:19:19.960root 11241100x80000000000000006859686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd35271acb13facd2022-01-05 09:19:19.960root 11241100x80000000000000006859687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e75feeb1b7601d2022-01-05 09:19:20.459root 11241100x80000000000000006859688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0cf9ef62d6ffbc2022-01-05 09:19:20.459root 11241100x80000000000000006859689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3a559a141986ad2022-01-05 09:19:20.460root 11241100x80000000000000006859690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c3d5e27cfb21f72022-01-05 09:19:20.460root 11241100x80000000000000006859691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21082129a5bb03cb2022-01-05 09:19:20.460root 11241100x80000000000000006859692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1a335a1b09f01d2022-01-05 09:19:20.460root 11241100x80000000000000006859693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7376ec5b6f79862022-01-05 09:19:20.460root 11241100x80000000000000006859694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453e858edf30d3162022-01-05 09:19:20.460root 11241100x80000000000000006859695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9578ee7405b22edf2022-01-05 09:19:20.460root 11241100x80000000000000006859696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9437a675022d5c2022-01-05 09:19:20.460root 11241100x80000000000000006859697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfa80419fa771562022-01-05 09:19:20.460root 11241100x80000000000000006859698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4637d1d581594ba52022-01-05 09:19:20.460root 11241100x80000000000000006859699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f531d6e90a45bf42022-01-05 09:19:20.460root 11241100x80000000000000006859700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f428c5eaf18947482022-01-05 09:19:20.959root 11241100x80000000000000006859701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed159b5aee04d2a2022-01-05 09:19:20.959root 11241100x80000000000000006859702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96662098bba99c7a2022-01-05 09:19:20.960root 11241100x80000000000000006859703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6567473228343a3b2022-01-05 09:19:20.960root 11241100x80000000000000006859704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2252dd1c76db482022-01-05 09:19:20.960root 11241100x80000000000000006859705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c57e80cb455c522022-01-05 09:19:20.960root 11241100x80000000000000006859706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f381ae900404cca02022-01-05 09:19:20.960root 11241100x80000000000000006859707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5cae449e51710e2022-01-05 09:19:20.960root 11241100x80000000000000006859708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a02a421712bbc22022-01-05 09:19:20.960root 11241100x80000000000000006859709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3942749d006c0532022-01-05 09:19:20.960root 11241100x80000000000000006859710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c56e25ce042a3e2022-01-05 09:19:20.960root 11241100x80000000000000006859711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696510bda2885c752022-01-05 09:19:20.960root 11241100x80000000000000006859712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6909982855b3ecd62022-01-05 09:19:20.960root 11241100x80000000000000006859713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a1a4eafc0e7d0f2022-01-05 09:19:21.459root 11241100x80000000000000006859714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c506230b62a650e2022-01-05 09:19:21.460root 11241100x80000000000000006859715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af1d402601035042022-01-05 09:19:21.460root 11241100x80000000000000006859716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0716bf0e4d7aeab12022-01-05 09:19:21.460root 11241100x80000000000000006859717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcab3ed614a69fa2022-01-05 09:19:21.460root 11241100x80000000000000006859718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e616da6daabea42022-01-05 09:19:21.460root 11241100x80000000000000006859719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2780c232d4f097b2022-01-05 09:19:21.460root 11241100x80000000000000006859720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fb2aecaaee85602022-01-05 09:19:21.460root 11241100x80000000000000006859721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b990380adcc9bd2022-01-05 09:19:21.460root 11241100x80000000000000006859722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abf04a561d191e62022-01-05 09:19:21.460root 11241100x80000000000000006859723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3befe1930e0e202022-01-05 09:19:21.460root 11241100x80000000000000006859724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510bcac8383b3c6c2022-01-05 09:19:21.460root 11241100x80000000000000006859725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee8b5335f9e12122022-01-05 09:19:21.460root 11241100x80000000000000006859726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465d97e6dbc3b5f62022-01-05 09:19:21.959root 11241100x80000000000000006859727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a82196be82998bd2022-01-05 09:19:21.959root 11241100x80000000000000006859728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d6508895072ad22022-01-05 09:19:21.960root 11241100x80000000000000006859729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52764789a29fe2dc2022-01-05 09:19:21.960root 11241100x80000000000000006859730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba958dd5ceae1f6c2022-01-05 09:19:21.960root 11241100x80000000000000006859731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5120699c100eb95b2022-01-05 09:19:21.960root 11241100x80000000000000006859732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a317c8a8f3fa49fd2022-01-05 09:19:21.960root 11241100x80000000000000006859733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2a7ca9a68c11d92022-01-05 09:19:21.960root 11241100x80000000000000006859734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018ea80a6a04e6932022-01-05 09:19:21.960root 11241100x80000000000000006859735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eda2d56c710816f2022-01-05 09:19:21.960root 11241100x80000000000000006859736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34351ddf20cf6732022-01-05 09:19:21.960root 11241100x80000000000000006859737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc03447c12aa64ef2022-01-05 09:19:21.960root 11241100x80000000000000006859738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c72e82ba5e72842022-01-05 09:19:21.960root 11241100x80000000000000006859739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b25bcfa5d4a07542022-01-05 09:19:22.459root 11241100x80000000000000006859740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7a36f92cd7182c2022-01-05 09:19:22.459root 11241100x80000000000000006859741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25e2fc4a782713f2022-01-05 09:19:22.460root 11241100x80000000000000006859742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adca1b31e95138c72022-01-05 09:19:22.460root 11241100x80000000000000006859743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d8b650ece61d902022-01-05 09:19:22.460root 11241100x80000000000000006859744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd080124a35909f22022-01-05 09:19:22.460root 11241100x80000000000000006859745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9be5d9db8e7b5d12022-01-05 09:19:22.460root 11241100x80000000000000006859746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333927420ee6e2742022-01-05 09:19:22.460root 11241100x80000000000000006859747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49d1d6c6b603c342022-01-05 09:19:22.460root 11241100x80000000000000006859748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aed289299a84d882022-01-05 09:19:22.460root 11241100x80000000000000006859749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ed3b3ef44864982022-01-05 09:19:22.460root 11241100x80000000000000006859750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8569a3a0b45ee62022-01-05 09:19:22.460root 11241100x80000000000000006859751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5dde7d1715b6aab2022-01-05 09:19:22.460root 11241100x80000000000000006859752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a6ece1a3689e452022-01-05 09:19:22.959root 11241100x80000000000000006859753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2becb32b535007052022-01-05 09:19:22.959root 11241100x80000000000000006859754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f546be691a8a411e2022-01-05 09:19:22.960root 11241100x80000000000000006859755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9182405cc4d37e2022-01-05 09:19:22.960root 11241100x80000000000000006859756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912f2a9ae2d20b892022-01-05 09:19:22.960root 11241100x80000000000000006859757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669a83d13d437faa2022-01-05 09:19:22.960root 11241100x80000000000000006859758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65810d64d1983f22022-01-05 09:19:22.960root 11241100x80000000000000006859759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0922f2e3b97f2aac2022-01-05 09:19:22.960root 11241100x80000000000000006859760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc681c506a709d12022-01-05 09:19:22.960root 11241100x80000000000000006859761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac5828d22c4819c2022-01-05 09:19:22.960root 11241100x80000000000000006859762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26410c5bd4a4a43e2022-01-05 09:19:22.960root 11241100x80000000000000006859763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bca7a6b539010e32022-01-05 09:19:22.960root 11241100x80000000000000006859764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:22.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9445bb0422e5959c2022-01-05 09:19:22.961root 11241100x80000000000000006859765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703bdf531852f9692022-01-05 09:19:23.459root 11241100x80000000000000006859766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba80df93bf138442022-01-05 09:19:23.459root 11241100x80000000000000006859767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3023bb6b344002002022-01-05 09:19:23.460root 11241100x80000000000000006859768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78edbe54b1f35272022-01-05 09:19:23.460root 11241100x80000000000000006859769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587db07062e5c0742022-01-05 09:19:23.460root 11241100x80000000000000006859770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce594bce16869c02022-01-05 09:19:23.460root 11241100x80000000000000006859771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104efe67543175572022-01-05 09:19:23.460root 11241100x80000000000000006859772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f632a250c41303922022-01-05 09:19:23.460root 11241100x80000000000000006859773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205f9c9790bf86f12022-01-05 09:19:23.460root 11241100x80000000000000006859774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe94e75d159caae82022-01-05 09:19:23.460root 11241100x80000000000000006859775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3612f6fe701ab52022-01-05 09:19:23.460root 11241100x80000000000000006859776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6fcef4c676a0452022-01-05 09:19:23.460root 11241100x80000000000000006859777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23485e5345e2c4012022-01-05 09:19:23.460root 11241100x80000000000000006859778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e60f67ec43ae3d2022-01-05 09:19:23.959root 11241100x80000000000000006859779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f843ebf639b7a7ad2022-01-05 09:19:23.960root 11241100x80000000000000006859780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8d6a75a9e3ea4e2022-01-05 09:19:23.960root 11241100x80000000000000006859781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1b673f3a9997162022-01-05 09:19:23.960root 11241100x80000000000000006859782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffca52c3307c37cb2022-01-05 09:19:23.960root 11241100x80000000000000006859783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c559b6eef4a3fa02022-01-05 09:19:23.960root 11241100x80000000000000006859784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73caac78a2fc1f542022-01-05 09:19:23.960root 11241100x80000000000000006859785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95120a2f1655912a2022-01-05 09:19:23.960root 11241100x80000000000000006859786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a746606e4bff5b2022-01-05 09:19:23.960root 11241100x80000000000000006859787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c59aa770715be4c2022-01-05 09:19:23.960root 11241100x80000000000000006859788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1986dbd1777b84602022-01-05 09:19:23.961root 11241100x80000000000000006859789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac99e9aff1380ff52022-01-05 09:19:23.961root 11241100x80000000000000006859790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:23.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1255b80626a6d1612022-01-05 09:19:23.961root 354300x80000000000000006859791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.061{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40672-false10.0.1.12-8000- 11241100x80000000000000006859792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0303d921c69794e72022-01-05 09:19:24.459root 11241100x80000000000000006859793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899d370e2f64552c2022-01-05 09:19:24.459root 11241100x80000000000000006859794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63dd60f004d9c722022-01-05 09:19:24.460root 11241100x80000000000000006859795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e6b2d3fc83183b2022-01-05 09:19:24.460root 11241100x80000000000000006859796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069aedce99b269172022-01-05 09:19:24.460root 11241100x80000000000000006859797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b428592e760add12022-01-05 09:19:24.460root 11241100x80000000000000006859798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8f05f32a9927932022-01-05 09:19:24.460root 11241100x80000000000000006859799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c01424cd7a472012022-01-05 09:19:24.460root 11241100x80000000000000006859800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490b5e21ef82d1cd2022-01-05 09:19:24.460root 11241100x80000000000000006859801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ab3d4f574f913b2022-01-05 09:19:24.460root 11241100x80000000000000006859802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb14fb94accdf842022-01-05 09:19:24.460root 11241100x80000000000000006859803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7786f324768456cc2022-01-05 09:19:24.460root 11241100x80000000000000006859804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d885b09778217c2022-01-05 09:19:24.460root 11241100x80000000000000006859805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a61252ac2ea16822022-01-05 09:19:24.460root 11241100x80000000000000006859806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7ee06523cd18b72022-01-05 09:19:24.959root 11241100x80000000000000006859807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3499d771060da72022-01-05 09:19:24.959root 11241100x80000000000000006859808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26828cc65428e5a62022-01-05 09:19:24.960root 11241100x80000000000000006859809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9b9b3e4e72fa7e2022-01-05 09:19:24.960root 11241100x80000000000000006859810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e84d5878ce5d9e2022-01-05 09:19:24.960root 11241100x80000000000000006859811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbf22d78ad270a72022-01-05 09:19:24.960root 11241100x80000000000000006859812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0497fc59da1c2aac2022-01-05 09:19:24.960root 11241100x80000000000000006859813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ef19038baaef352022-01-05 09:19:24.960root 11241100x80000000000000006859814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584e7e050d90bc442022-01-05 09:19:24.960root 11241100x80000000000000006859815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0d224ca3fb0bdb2022-01-05 09:19:24.960root 11241100x80000000000000006859816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22dd2d47eb048bfc2022-01-05 09:19:24.960root 11241100x80000000000000006859817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e18854770179e92022-01-05 09:19:24.961root 11241100x80000000000000006859818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a512c28744c9c6152022-01-05 09:19:24.961root 11241100x80000000000000006859819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:24.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e619346af8fa21fb2022-01-05 09:19:24.961root 11241100x80000000000000006859820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cf61f734b139782022-01-05 09:19:25.459root 11241100x80000000000000006859821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4cfa73078565e02022-01-05 09:19:25.459root 11241100x80000000000000006859822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d5a7722df890b02022-01-05 09:19:25.460root 11241100x80000000000000006859823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90e97adea1c1efe2022-01-05 09:19:25.460root 11241100x80000000000000006859824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cdf42ab852e0f32022-01-05 09:19:25.460root 11241100x80000000000000006859825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44753d9d127aa6112022-01-05 09:19:25.460root 11241100x80000000000000006859826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac735582885d4362022-01-05 09:19:25.460root 11241100x80000000000000006859827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d300e4e63b9588eb2022-01-05 09:19:25.460root 11241100x80000000000000006859828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084e1bb1a55430942022-01-05 09:19:25.460root 11241100x80000000000000006859829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec47c61e868824f2022-01-05 09:19:25.460root 11241100x80000000000000006859830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdfa8c44baed0942022-01-05 09:19:25.460root 11241100x80000000000000006859831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387cc526935c35902022-01-05 09:19:25.461root 11241100x80000000000000006859832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a74cb0dd4826262022-01-05 09:19:25.461root 11241100x80000000000000006859833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0032198d1a3427862022-01-05 09:19:25.461root 11241100x80000000000000006859834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5273d94f98aaa112022-01-05 09:19:25.959root 11241100x80000000000000006859835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8959e4cabb21be22022-01-05 09:19:25.959root 11241100x80000000000000006859836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1c5a3e4a375e292022-01-05 09:19:25.960root 11241100x80000000000000006859837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ec50cda245abed2022-01-05 09:19:25.960root 11241100x80000000000000006859838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d02d0d7063435f2022-01-05 09:19:25.960root 11241100x80000000000000006859839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d995b5547c79cd2022-01-05 09:19:25.960root 11241100x80000000000000006859840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e739732d80af2a12022-01-05 09:19:25.960root 11241100x80000000000000006859841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f7bdb048f5db642022-01-05 09:19:25.960root 11241100x80000000000000006859842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf416eca1f213182022-01-05 09:19:25.960root 11241100x80000000000000006859843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ebbd0c6638aeb52022-01-05 09:19:25.960root 11241100x80000000000000006859844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e7f6a3e38371ac2022-01-05 09:19:25.960root 11241100x80000000000000006859845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a997a323fc6226f02022-01-05 09:19:25.961root 11241100x80000000000000006859846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d8db188ac212362022-01-05 09:19:25.961root 11241100x80000000000000006859847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:25.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b13ab5ff7bce3a2022-01-05 09:19:25.961root 11241100x80000000000000006859848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d85689b91c04582022-01-05 09:19:26.459root 11241100x80000000000000006859849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036a80a980771c8e2022-01-05 09:19:26.459root 11241100x80000000000000006859850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbc5e47ff3110862022-01-05 09:19:26.460root 11241100x80000000000000006859851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90fd4e5eedb14452022-01-05 09:19:26.460root 11241100x80000000000000006859852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24bdd65870b71482022-01-05 09:19:26.460root 11241100x80000000000000006859853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9f999217a4cc982022-01-05 09:19:26.460root 11241100x80000000000000006859854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf36d968e0bbd4af2022-01-05 09:19:26.460root 11241100x80000000000000006859855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc0535817b5873a2022-01-05 09:19:26.460root 11241100x80000000000000006859856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b05505c8bd65fb2022-01-05 09:19:26.460root 11241100x80000000000000006859857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc261959616aaf8d2022-01-05 09:19:26.460root 11241100x80000000000000006859858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857299b7730a39d62022-01-05 09:19:26.460root 11241100x80000000000000006859859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36d91c8cdd1f2ea2022-01-05 09:19:26.461root 11241100x80000000000000006859860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c068f4b881e1d2b2022-01-05 09:19:26.461root 11241100x80000000000000006859861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919fdbfe5dfc81312022-01-05 09:19:26.461root 11241100x80000000000000006859862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcb79e06ef7b46a2022-01-05 09:19:26.959root 11241100x80000000000000006859863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5038c96424b25dd2022-01-05 09:19:26.959root 11241100x80000000000000006859864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01529afc8f9794792022-01-05 09:19:26.960root 11241100x80000000000000006859865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5570f258361396262022-01-05 09:19:26.960root 11241100x80000000000000006859866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4899973db3cfc6302022-01-05 09:19:26.960root 11241100x80000000000000006859867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a641051b8669ccfe2022-01-05 09:19:26.960root 11241100x80000000000000006859868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0172a6551405b22022-01-05 09:19:26.960root 11241100x80000000000000006859869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0263e96ee5d46c2022-01-05 09:19:26.960root 11241100x80000000000000006859870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467134fa36ddad5a2022-01-05 09:19:26.960root 11241100x80000000000000006859871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c268c0710e1390052022-01-05 09:19:26.960root 11241100x80000000000000006859872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099bbb3dedae68632022-01-05 09:19:26.960root 11241100x80000000000000006859873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fab480d2c0436512022-01-05 09:19:26.961root 11241100x80000000000000006859874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc5a6810788071e2022-01-05 09:19:26.961root 11241100x80000000000000006859875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5d0a93076736d72022-01-05 09:19:26.961root 11241100x80000000000000006859876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d51f381d54027b2022-01-05 09:19:27.459root 11241100x80000000000000006859877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497bf0373acc01852022-01-05 09:19:27.459root 11241100x80000000000000006859878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088b46d9a298cdf22022-01-05 09:19:27.460root 11241100x80000000000000006859879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eee84a0c957eb432022-01-05 09:19:27.460root 11241100x80000000000000006859880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da976c645754a4bf2022-01-05 09:19:27.460root 11241100x80000000000000006859881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7fe79c4c4f7cce2022-01-05 09:19:27.460root 11241100x80000000000000006859882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acf3cba4be6d5c52022-01-05 09:19:27.460root 11241100x80000000000000006859883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8204a72bd852bc2022-01-05 09:19:27.460root 11241100x80000000000000006859884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0499a5a0230d97752022-01-05 09:19:27.460root 11241100x80000000000000006859885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63c8d72913049712022-01-05 09:19:27.461root 11241100x80000000000000006859886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4812876c3faf352022-01-05 09:19:27.461root 11241100x80000000000000006859887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9bee9ac717b0b72022-01-05 09:19:27.461root 11241100x80000000000000006859888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7bf0e519e716bc2022-01-05 09:19:27.461root 11241100x80000000000000006859889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d173cd2195c8e5842022-01-05 09:19:27.461root 11241100x80000000000000006859890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0769d81bfdba19ec2022-01-05 09:19:27.959root 11241100x80000000000000006859891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18479d68c8e19de92022-01-05 09:19:27.960root 11241100x80000000000000006859892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb7ce2470eebd362022-01-05 09:19:27.960root 11241100x80000000000000006859893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03008f4dfe1d90cd2022-01-05 09:19:27.960root 11241100x80000000000000006859894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584c2f636abe83e42022-01-05 09:19:27.960root 11241100x80000000000000006859895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2682c7eb024c5cbf2022-01-05 09:19:27.960root 11241100x80000000000000006859896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401053a14695ef7d2022-01-05 09:19:27.960root 11241100x80000000000000006859897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1f162140ab50022022-01-05 09:19:27.960root 11241100x80000000000000006859898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3198b4ad566f759b2022-01-05 09:19:27.960root 11241100x80000000000000006859899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336af6192b8a1de32022-01-05 09:19:27.960root 11241100x80000000000000006859900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e408c40e3edec9242022-01-05 09:19:27.961root 11241100x80000000000000006859901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819073a4e617b9e02022-01-05 09:19:27.961root 11241100x80000000000000006859902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d37bc3a250b05902022-01-05 09:19:27.961root 11241100x80000000000000006859903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b56fcc1d60dbd972022-01-05 09:19:27.961root 11241100x80000000000000006859904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485e4bc1552586492022-01-05 09:19:28.459root 11241100x80000000000000006859905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44603826fdd647b2022-01-05 09:19:28.459root 11241100x80000000000000006859906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8591dd9effd9a1752022-01-05 09:19:28.460root 11241100x80000000000000006859907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d853874c6024815f2022-01-05 09:19:28.460root 11241100x80000000000000006859908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414216c6ababab242022-01-05 09:19:28.460root 11241100x80000000000000006859909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cc995f784493d82022-01-05 09:19:28.460root 11241100x80000000000000006859910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa6b97f69dc89ef2022-01-05 09:19:28.460root 11241100x80000000000000006859911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45977e0582312e72022-01-05 09:19:28.460root 11241100x80000000000000006859912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be1b86aade173b72022-01-05 09:19:28.460root 11241100x80000000000000006859913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e13ec7b3847e7ae2022-01-05 09:19:28.460root 11241100x80000000000000006859914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d9757944a01b392022-01-05 09:19:28.460root 11241100x80000000000000006859915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665315d8744d08b32022-01-05 09:19:28.461root 11241100x80000000000000006859916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f26a58dad213052022-01-05 09:19:28.461root 11241100x80000000000000006859917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7533a87552057c2022-01-05 09:19:28.461root 11241100x80000000000000006859918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae2aa6d8ba3473b2022-01-05 09:19:28.959root 11241100x80000000000000006859919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f003af6f69651462022-01-05 09:19:28.960root 11241100x80000000000000006859920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca28420922acae6e2022-01-05 09:19:28.960root 11241100x80000000000000006859921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2288611bc8faa72022-01-05 09:19:28.960root 11241100x80000000000000006859922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cf515bbc9c7a322022-01-05 09:19:28.960root 11241100x80000000000000006859923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8c38c9e44ee4ee2022-01-05 09:19:28.960root 11241100x80000000000000006859924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34332660be15be1b2022-01-05 09:19:28.960root 11241100x80000000000000006859925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b3de72db7314c52022-01-05 09:19:28.960root 11241100x80000000000000006859926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb89d892295dcc92022-01-05 09:19:28.960root 11241100x80000000000000006859927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd063a8e037df49e2022-01-05 09:19:28.961root 11241100x80000000000000006859928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e56bd3432ce94d92022-01-05 09:19:28.961root 11241100x80000000000000006859929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c2134206dd25392022-01-05 09:19:28.961root 11241100x80000000000000006859930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f7a549ccf4e5232022-01-05 09:19:28.961root 11241100x80000000000000006859931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55f241dee33002a2022-01-05 09:19:28.961root 354300x80000000000000006859932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.072{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40674-false10.0.1.12-8000- 11241100x80000000000000006859933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.402{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 09:19:29.402root 11241100x80000000000000006859934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28077180f71a71cb2022-01-05 09:19:29.403root 11241100x80000000000000006859935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209024663d5cae1c2022-01-05 09:19:29.403root 11241100x80000000000000006859936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a68ff82872c0532022-01-05 09:19:29.403root 11241100x80000000000000006859937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3826e16a95ca19e32022-01-05 09:19:29.404root 11241100x80000000000000006859938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a4fbabd1b2283b2022-01-05 09:19:29.404root 11241100x80000000000000006859939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee70fc34cb2b445e2022-01-05 09:19:29.404root 11241100x80000000000000006859940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6035d5c5b02cdca42022-01-05 09:19:29.404root 11241100x80000000000000006859941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e81a432562df9382022-01-05 09:19:29.404root 11241100x80000000000000006859942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71ac111095db8ba2022-01-05 09:19:29.404root 11241100x80000000000000006859943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44a28416f1d49de2022-01-05 09:19:29.404root 11241100x80000000000000006859944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b98e38efd418e5a2022-01-05 09:19:29.404root 11241100x80000000000000006859945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154c906a2a1c695d2022-01-05 09:19:29.404root 11241100x80000000000000006859946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a64a384b657af92022-01-05 09:19:29.404root 11241100x80000000000000006859947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f6e1c3208fccd72022-01-05 09:19:29.404root 11241100x80000000000000006859948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5a27dff4e6cc662022-01-05 09:19:29.404root 11241100x80000000000000006859949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56671921897cefce2022-01-05 09:19:29.404root 11241100x80000000000000006859950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5dc998e37de42192022-01-05 09:19:29.710root 11241100x80000000000000006859951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8882ab602e051f2022-01-05 09:19:29.710root 11241100x80000000000000006859952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878e80f6dbfbc6162022-01-05 09:19:29.710root 11241100x80000000000000006859953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75752e1d085810f72022-01-05 09:19:29.710root 11241100x80000000000000006859954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c59c6171ce8eff82022-01-05 09:19:29.710root 11241100x80000000000000006859955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64367f5d3be24b472022-01-05 09:19:29.710root 11241100x80000000000000006859956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4be86940226739b2022-01-05 09:19:29.710root 11241100x80000000000000006859957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932f81edea20b1f82022-01-05 09:19:29.710root 11241100x80000000000000006859958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a175381251565cb02022-01-05 09:19:29.710root 11241100x80000000000000006859959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f329190e81bd37d2022-01-05 09:19:29.710root 11241100x80000000000000006859960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16af3e2aade800e2022-01-05 09:19:29.710root 11241100x80000000000000006859961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f273b429e39e39ce2022-01-05 09:19:29.710root 11241100x80000000000000006859962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcf4562d55d2e512022-01-05 09:19:29.710root 11241100x80000000000000006859963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fc6f9a82ce7fce2022-01-05 09:19:29.711root 11241100x80000000000000006859964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7337ab16be05955a2022-01-05 09:19:29.711root 11241100x80000000000000006859965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96c6b1610a3b6012022-01-05 09:19:29.711root 11241100x80000000000000006859966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3560226e4d108d852022-01-05 09:19:30.210root 11241100x80000000000000006859967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac13edc8b2482a7b2022-01-05 09:19:30.210root 11241100x80000000000000006859968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40336d74606651ac2022-01-05 09:19:30.210root 11241100x80000000000000006859969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48255279676ecccd2022-01-05 09:19:30.210root 11241100x80000000000000006859970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6264edbdfbcb90c32022-01-05 09:19:30.210root 11241100x80000000000000006859971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182d31b41ffba6b72022-01-05 09:19:30.211root 11241100x80000000000000006859972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff38f6819af3f162022-01-05 09:19:30.211root 11241100x80000000000000006859973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abed009ed23e1f402022-01-05 09:19:30.211root 11241100x80000000000000006859974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94a7dc8847c92522022-01-05 09:19:30.211root 11241100x80000000000000006859975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0113b584212e5252022-01-05 09:19:30.211root 11241100x80000000000000006859976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2310f568824b172022-01-05 09:19:30.211root 11241100x80000000000000006859977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4718b1554faa392022-01-05 09:19:30.211root 11241100x80000000000000006859978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a84cce7263e101a2022-01-05 09:19:30.211root 11241100x80000000000000006859979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46c24dfbe6da5e12022-01-05 09:19:30.211root 11241100x80000000000000006859980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8240845b7384d642022-01-05 09:19:30.211root 11241100x80000000000000006859981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cccf0a9972fe0152022-01-05 09:19:30.211root 11241100x80000000000000006859982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf89c93e11596af02022-01-05 09:19:30.709root 11241100x80000000000000006859983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f9db3756468d8b2022-01-05 09:19:30.710root 11241100x80000000000000006859984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3893fb91ffcdf7772022-01-05 09:19:30.710root 11241100x80000000000000006859985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4d795aec9afe382022-01-05 09:19:30.710root 11241100x80000000000000006859986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5dbf9143987d4f2022-01-05 09:19:30.710root 11241100x80000000000000006859987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea079cbfa35b2f42022-01-05 09:19:30.710root 11241100x80000000000000006859988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d09abe24479a5d2022-01-05 09:19:30.710root 11241100x80000000000000006859989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6856dc0dd16193a92022-01-05 09:19:30.710root 11241100x80000000000000006859990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473875be78d303c72022-01-05 09:19:30.710root 11241100x80000000000000006859991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3db321e007b35632022-01-05 09:19:30.710root 11241100x80000000000000006859992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05866fcf471995822022-01-05 09:19:30.710root 11241100x80000000000000006859993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53a23e71bae8d7d2022-01-05 09:19:30.710root 11241100x80000000000000006859994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d764048a610cad302022-01-05 09:19:30.710root 11241100x80000000000000006859995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b257ec4951cb19052022-01-05 09:19:30.711root 11241100x80000000000000006859996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad6223c8a7a81282022-01-05 09:19:30.711root 11241100x80000000000000006859997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b070ec1d52d3dc2022-01-05 09:19:30.711root 11241100x80000000000000006859998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d730073ee073212022-01-05 09:19:31.209root 11241100x80000000000000006859999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd0bca52e0874e22022-01-05 09:19:31.210root 11241100x80000000000000006860000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee512b11097565472022-01-05 09:19:31.210root 11241100x80000000000000006860001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868193759da1bdda2022-01-05 09:19:31.210root 11241100x80000000000000006860002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3d65410808e5ad2022-01-05 09:19:31.210root 11241100x80000000000000006860003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d894c503bedfe22022-01-05 09:19:31.210root 11241100x80000000000000006860004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832f7242ee8c79112022-01-05 09:19:31.210root 11241100x80000000000000006860005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf78815ebf9499d52022-01-05 09:19:31.210root 11241100x80000000000000006860006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c70bed96cb402d82022-01-05 09:19:31.210root 11241100x80000000000000006860007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d3bbcc1a2d9b702022-01-05 09:19:31.210root 11241100x80000000000000006860008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5789222f5603eb1f2022-01-05 09:19:31.210root 11241100x80000000000000006860009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22476129f3372acc2022-01-05 09:19:31.210root 11241100x80000000000000006860010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c36ed77adb32c02022-01-05 09:19:31.210root 11241100x80000000000000006860011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa37491a4ad68662022-01-05 09:19:31.211root 11241100x80000000000000006860012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a4062511f27ffa2022-01-05 09:19:31.211root 11241100x80000000000000006860013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e87a595424fb132022-01-05 09:19:31.211root 11241100x80000000000000006860014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c56c456d3b9e462022-01-05 09:19:31.709root 11241100x80000000000000006860015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d7630fb5c023352022-01-05 09:19:31.710root 11241100x80000000000000006860016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4345fa1694f123e02022-01-05 09:19:31.710root 11241100x80000000000000006860017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9527e8b50514052022-01-05 09:19:31.710root 11241100x80000000000000006860018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108698aa3235f5052022-01-05 09:19:31.710root 11241100x80000000000000006860019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7905d9d882ad8f2022-01-05 09:19:31.710root 11241100x80000000000000006860020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8223434d2c81751f2022-01-05 09:19:31.710root 11241100x80000000000000006860021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e4a545c94875ad2022-01-05 09:19:31.710root 11241100x80000000000000006860022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a1f7777cb7a1e22022-01-05 09:19:31.710root 11241100x80000000000000006860023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a93df441a73b8582022-01-05 09:19:31.710root 11241100x80000000000000006860024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c08ab568b02e60f2022-01-05 09:19:31.710root 11241100x80000000000000006860025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490966fbcaa1ec762022-01-05 09:19:31.711root 11241100x80000000000000006860026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55141b25b5b6904b2022-01-05 09:19:31.711root 11241100x80000000000000006860027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2098ec9f9686b902022-01-05 09:19:31.711root 11241100x80000000000000006860028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad90e964a0265032022-01-05 09:19:31.711root 11241100x80000000000000006860029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929e4b0f1f2041a32022-01-05 09:19:31.711root 11241100x80000000000000006860030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e56fd90a5bcabe72022-01-05 09:19:32.210root 11241100x80000000000000006860031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430361596565024c2022-01-05 09:19:32.210root 11241100x80000000000000006860032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1d48a4da9b7a5c2022-01-05 09:19:32.210root 11241100x80000000000000006860033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dd9308776671332022-01-05 09:19:32.210root 11241100x80000000000000006860034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d967db0a18835f3b2022-01-05 09:19:32.210root 11241100x80000000000000006860035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88524fb3372543c12022-01-05 09:19:32.210root 11241100x80000000000000006860036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdb7611e68a63df2022-01-05 09:19:32.210root 11241100x80000000000000006860037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0c04ec1f9e8cbf2022-01-05 09:19:32.210root 11241100x80000000000000006860038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ca4120fd4796792022-01-05 09:19:32.210root 11241100x80000000000000006860039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e004e9583b02be2022-01-05 09:19:32.210root 11241100x80000000000000006860040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45278a5e08c23252022-01-05 09:19:32.210root 11241100x80000000000000006860041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fe461272a112d62022-01-05 09:19:32.211root 11241100x80000000000000006860042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6410d4c3033908f12022-01-05 09:19:32.211root 11241100x80000000000000006860043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0669e0f12a98bc12022-01-05 09:19:32.211root 11241100x80000000000000006860044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae18f9ef560291502022-01-05 09:19:32.211root 11241100x80000000000000006860045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f1dac11a371cd02022-01-05 09:19:32.211root 23542300x80000000000000006860046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.404{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006860047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33839bb1f2808b5b2022-01-05 09:19:32.709root 11241100x80000000000000006860048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82551b66ad3f7332022-01-05 09:19:32.709root 11241100x80000000000000006860049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5faef61f4c3879d32022-01-05 09:19:32.710root 11241100x80000000000000006860050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffda76148a55e8842022-01-05 09:19:32.710root 11241100x80000000000000006860051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e472a99ad8b373d42022-01-05 09:19:32.710root 11241100x80000000000000006860052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452675d9d4540d5d2022-01-05 09:19:32.710root 11241100x80000000000000006860053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632235a6814691a72022-01-05 09:19:32.710root 11241100x80000000000000006860054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeeb5740f3d3705f2022-01-05 09:19:32.710root 11241100x80000000000000006860055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d06be02c6d42562022-01-05 09:19:32.710root 11241100x80000000000000006860056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bc1f2c0ca09a722022-01-05 09:19:32.711root 11241100x80000000000000006860057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64b5ab5cece59fe2022-01-05 09:19:32.711root 11241100x80000000000000006860058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c84edca51b3f4f2022-01-05 09:19:32.711root 11241100x80000000000000006860059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715568bd5d7efee92022-01-05 09:19:32.711root 11241100x80000000000000006860060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d770c2ec2f461d2022-01-05 09:19:32.711root 11241100x80000000000000006860061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2259d2051ee886e62022-01-05 09:19:32.711root 11241100x80000000000000006860062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2235a0ea4155d2162022-01-05 09:19:32.711root 11241100x80000000000000006860063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7424997179c3f782022-01-05 09:19:32.712root 11241100x80000000000000006860064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f3d3a76811f4f52022-01-05 09:19:33.210root 11241100x80000000000000006860065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc307c4ab90f86f2022-01-05 09:19:33.210root 11241100x80000000000000006860066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe32f320cc0d7752022-01-05 09:19:33.210root 11241100x80000000000000006860067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6b329b96517cab2022-01-05 09:19:33.210root 11241100x80000000000000006860068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71852ddab2268732022-01-05 09:19:33.210root 11241100x80000000000000006860069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bac497f819abb82022-01-05 09:19:33.210root 11241100x80000000000000006860070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b28cdf76e94b1ad2022-01-05 09:19:33.210root 11241100x80000000000000006860071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7a69076df0195a2022-01-05 09:19:33.210root 11241100x80000000000000006860072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f82aa8322d672c2022-01-05 09:19:33.210root 11241100x80000000000000006860073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabd43f123ba56682022-01-05 09:19:33.210root 11241100x80000000000000006860074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d60283062a3da322022-01-05 09:19:33.210root 11241100x80000000000000006860075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c132a6f0166bc20e2022-01-05 09:19:33.210root 11241100x80000000000000006860076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45816ec3e84f0142022-01-05 09:19:33.211root 11241100x80000000000000006860077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41aa3be3280751122022-01-05 09:19:33.211root 11241100x80000000000000006860078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c64d018e861f2532022-01-05 09:19:33.211root 11241100x80000000000000006860079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86856ac03137a16d2022-01-05 09:19:33.211root 11241100x80000000000000006860080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46657cf60d83b28d2022-01-05 09:19:33.211root 354300x80000000000000006860081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.434{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-41156-false10.0.1.12-8089- 11241100x80000000000000006860082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a6f6036fdf9c292022-01-05 09:19:33.709root 11241100x80000000000000006860083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035d9e1ca1a9e7af2022-01-05 09:19:33.709root 11241100x80000000000000006860084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92a3f9f7345d0872022-01-05 09:19:33.709root 11241100x80000000000000006860085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4140da902f4926c2022-01-05 09:19:33.710root 11241100x80000000000000006860086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8ddbcc792bf62b2022-01-05 09:19:33.710root 11241100x80000000000000006860087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca61f647975e4f1d2022-01-05 09:19:33.710root 11241100x80000000000000006860088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f2f0748df2ee492022-01-05 09:19:33.710root 11241100x80000000000000006860089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd9ce22e2b3ea5b2022-01-05 09:19:33.710root 11241100x80000000000000006860090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98098e3dad571da2022-01-05 09:19:33.711root 11241100x80000000000000006860091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f327f9506f85e12a2022-01-05 09:19:33.711root 11241100x80000000000000006860092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a622099ba353402022-01-05 09:19:33.711root 11241100x80000000000000006860093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1624ee52ad750b32022-01-05 09:19:33.711root 11241100x80000000000000006860094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a9a26c9aabc7552022-01-05 09:19:33.711root 11241100x80000000000000006860095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b701ecee83a0f42022-01-05 09:19:33.711root 11241100x80000000000000006860096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af08bd563a6e44e42022-01-05 09:19:33.711root 11241100x80000000000000006860097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881349dc656b78b92022-01-05 09:19:33.711root 11241100x80000000000000006860098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac11a8f6439efdf22022-01-05 09:19:33.711root 11241100x80000000000000006860099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f033f43e18514a22022-01-05 09:19:33.712root 11241100x80000000000000006860100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e9c615b58a10922022-01-05 09:19:33.712root 11241100x80000000000000006860101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f81c21079ac19d2022-01-05 09:19:33.712root 11241100x80000000000000006860102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a527f43c44344caf2022-01-05 09:19:33.712root 11241100x80000000000000006860103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6512e4e3710dfbb2022-01-05 09:19:33.712root 11241100x80000000000000006860104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bfb1a1392701892022-01-05 09:19:34.209root 11241100x80000000000000006860105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37aced3608014822022-01-05 09:19:34.209root 11241100x80000000000000006860106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95a1591dd05dd342022-01-05 09:19:34.210root 11241100x80000000000000006860107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2867ccec24797092022-01-05 09:19:34.210root 11241100x80000000000000006860108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d44da6b95c2a5892022-01-05 09:19:34.210root 11241100x80000000000000006860109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca89d6b2d77c30672022-01-05 09:19:34.210root 11241100x80000000000000006860110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ded1b0c200a5a2d2022-01-05 09:19:34.210root 11241100x80000000000000006860111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501d50847b0a8e442022-01-05 09:19:34.210root 11241100x80000000000000006860112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c07203f31381f82022-01-05 09:19:34.210root 11241100x80000000000000006860113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c35b2ff26f86472022-01-05 09:19:34.210root 11241100x80000000000000006860114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736f2ec393773cba2022-01-05 09:19:34.211root 11241100x80000000000000006860115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f764c2be22300042022-01-05 09:19:34.211root 11241100x80000000000000006860116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b4667cb5827b832022-01-05 09:19:34.211root 11241100x80000000000000006860117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591912cbd0b464332022-01-05 09:19:34.211root 11241100x80000000000000006860118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af31408353015c6d2022-01-05 09:19:34.211root 11241100x80000000000000006860119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee4507dac0535d12022-01-05 09:19:34.211root 11241100x80000000000000006860120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35e4f0ae6ddd0042022-01-05 09:19:34.211root 11241100x80000000000000006860121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a94740624f312d2022-01-05 09:19:34.211root 11241100x80000000000000006860122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4171481a76738e2022-01-05 09:19:34.710root 11241100x80000000000000006860123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6cf76af779a4672022-01-05 09:19:34.710root 11241100x80000000000000006860124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02efbd4beb46134e2022-01-05 09:19:34.710root 11241100x80000000000000006860125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd44f08bfffde0682022-01-05 09:19:34.710root 11241100x80000000000000006860126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa689abf3bb938a62022-01-05 09:19:34.710root 11241100x80000000000000006860127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4923eb8550aae7e92022-01-05 09:19:34.710root 11241100x80000000000000006860128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7fd56cd1a12d542022-01-05 09:19:34.710root 11241100x80000000000000006860129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3516fd322fb84b0c2022-01-05 09:19:34.710root 11241100x80000000000000006860130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc7fa67256edd8b2022-01-05 09:19:34.710root 11241100x80000000000000006860131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d34b97517a60542022-01-05 09:19:34.710root 11241100x80000000000000006860132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a22bbc4df1c6df2022-01-05 09:19:34.710root 11241100x80000000000000006860133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d48d0238396c382022-01-05 09:19:34.710root 11241100x80000000000000006860134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ce1a28b75aab9f2022-01-05 09:19:34.711root 11241100x80000000000000006860135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01815d9ffefe4fee2022-01-05 09:19:34.711root 11241100x80000000000000006860136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aebd40661f5ff3d2022-01-05 09:19:34.711root 11241100x80000000000000006860137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0243039ba19bf1762022-01-05 09:19:34.711root 11241100x80000000000000006860138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e660ead9a468982022-01-05 09:19:34.711root 11241100x80000000000000006860139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:34.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b47f5073c7d7be2022-01-05 09:19:34.711root 354300x80000000000000006860140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.032{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40678-false10.0.1.12-8000- 11241100x80000000000000006860141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce2f9476a06a81b2022-01-05 09:19:35.034root 11241100x80000000000000006860142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab48533825f4865c2022-01-05 09:19:35.034root 11241100x80000000000000006860143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a2cf53249ed2eb2022-01-05 09:19:35.034root 11241100x80000000000000006860144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c06c8e9b2f943102022-01-05 09:19:35.034root 11241100x80000000000000006860145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a3f75d3740af802022-01-05 09:19:35.034root 11241100x80000000000000006860146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1896d1400b854e872022-01-05 09:19:35.034root 11241100x80000000000000006860147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f189af92c3b0ddd52022-01-05 09:19:35.034root 11241100x80000000000000006860148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a66f53098f8ace2022-01-05 09:19:35.034root 11241100x80000000000000006860149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e80c81cbb95e8b2022-01-05 09:19:35.034root 11241100x80000000000000006860150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.034{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205637dc335372c72022-01-05 09:19:35.034root 11241100x80000000000000006860151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f4a73a5c9f60172022-01-05 09:19:35.035root 11241100x80000000000000006860152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790f9d172cbacebd2022-01-05 09:19:35.035root 11241100x80000000000000006860153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd107048a82a4afe2022-01-05 09:19:35.035root 11241100x80000000000000006860154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f060ce11642adeb32022-01-05 09:19:35.035root 11241100x80000000000000006860155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b683dead878d049c2022-01-05 09:19:35.035root 11241100x80000000000000006860156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9aa70095d69ae82022-01-05 09:19:35.035root 11241100x80000000000000006860157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd32d03e4499d402022-01-05 09:19:35.035root 11241100x80000000000000006860158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6abc0ce21f5f8d52022-01-05 09:19:35.035root 11241100x80000000000000006860159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.035{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d86cbe3785924d62022-01-05 09:19:35.035root 11241100x80000000000000006860160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff2765856c668302022-01-05 09:19:35.459root 11241100x80000000000000006860161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2802b841c908a82022-01-05 09:19:35.459root 11241100x80000000000000006860162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26baea64ef8cb062022-01-05 09:19:35.459root 11241100x80000000000000006860163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482610974ae7a7cf2022-01-05 09:19:35.459root 11241100x80000000000000006860164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3519af93e2e4bfb22022-01-05 09:19:35.459root 11241100x80000000000000006860165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4a46fa29e98acc2022-01-05 09:19:35.460root 11241100x80000000000000006860166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fe4236f511056f2022-01-05 09:19:35.460root 11241100x80000000000000006860167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b9a55741b76f5b2022-01-05 09:19:35.460root 11241100x80000000000000006860168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746ce3aff2331df12022-01-05 09:19:35.460root 11241100x80000000000000006860169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c36a08388c0b822022-01-05 09:19:35.460root 11241100x80000000000000006860170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417e9595e549f7902022-01-05 09:19:35.460root 11241100x80000000000000006860171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c5b439aee1dc152022-01-05 09:19:35.460root 11241100x80000000000000006860172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b78fd1490330292022-01-05 09:19:35.460root 11241100x80000000000000006860173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ae730a8abfe8472022-01-05 09:19:35.460root 11241100x80000000000000006860174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621ecd6504bb24532022-01-05 09:19:35.460root 11241100x80000000000000006860175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5fac4534c37e112022-01-05 09:19:35.460root 11241100x80000000000000006860176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d76d1ef381fb4f2022-01-05 09:19:35.460root 11241100x80000000000000006860177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e586431d316065d22022-01-05 09:19:35.461root 11241100x80000000000000006860178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd6dcf7523294392022-01-05 09:19:35.461root 11241100x80000000000000006860179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fa868ad3d1d5a92022-01-05 09:19:35.461root 11241100x80000000000000006860180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0b08ec27020f5f2022-01-05 09:19:35.461root 11241100x80000000000000006860181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e1c5b224e6ec022022-01-05 09:19:35.461root 11241100x80000000000000006860182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c398d46c889584332022-01-05 09:19:35.959root 11241100x80000000000000006860183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b16b0ad4d2393f2022-01-05 09:19:35.960root 11241100x80000000000000006860184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6edd5c99fb76bd2022-01-05 09:19:35.960root 11241100x80000000000000006860185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4322c560ffcb53802022-01-05 09:19:35.960root 11241100x80000000000000006860186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c652c74d7ff42dc42022-01-05 09:19:35.960root 11241100x80000000000000006860187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a17f896e20167f2022-01-05 09:19:35.960root 11241100x80000000000000006860188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22c6ac057cda6792022-01-05 09:19:35.960root 11241100x80000000000000006860189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b5df14bb767e552022-01-05 09:19:35.960root 11241100x80000000000000006860190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc99882b67e8984e2022-01-05 09:19:35.960root 11241100x80000000000000006860191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca047b7239297c4c2022-01-05 09:19:35.960root 11241100x80000000000000006860192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d858755aeb35c22022-01-05 09:19:35.960root 11241100x80000000000000006860193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6683f31afcfe996e2022-01-05 09:19:35.960root 11241100x80000000000000006860194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ef43c9811667062022-01-05 09:19:35.960root 11241100x80000000000000006860195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065d41a7a9617e4c2022-01-05 09:19:35.960root 11241100x80000000000000006860196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c01c9a163b570152022-01-05 09:19:35.961root 11241100x80000000000000006860197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e60a125a2e71b9a2022-01-05 09:19:35.961root 11241100x80000000000000006860198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200be951c69c0c452022-01-05 09:19:35.961root 11241100x80000000000000006860199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7682fbe972d97c7d2022-01-05 09:19:35.961root 11241100x80000000000000006860200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2092c70548befcd72022-01-05 09:19:35.961root 154100x80000000000000006860201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.263{ec2e79f3-62a8-61d5-e0d0-f47525560000}22920/usr/bin/groups-----groups/home/ubuntu/doasubuntu{ec2e79f3-5fe4-61d5-e803-000000000000}100058no level-{ec2e79f3-5fe4-61d5-08b4-fae256550000}17361/bin/bash-bashubuntu 11241100x80000000000000006860202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.264{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53180ec8559c9a72022-01-05 09:19:36.264root 11241100x80000000000000006860203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.264{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6085d4e13e472b522022-01-05 09:19:36.264root 11241100x80000000000000006860204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.264{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f85c0c324404a892022-01-05 09:19:36.264root 11241100x80000000000000006860205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.264{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4af789cae6458a32022-01-05 09:19:36.264root 11241100x80000000000000006860206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.265{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25a27882e8cd3b82022-01-05 09:19:36.265root 11241100x80000000000000006860207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.265{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5284adb87a35ae4f2022-01-05 09:19:36.265root 11241100x80000000000000006860208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.265{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713fc55547bdad752022-01-05 09:19:36.265root 534500x80000000000000006860209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.265{ec2e79f3-62a8-61d5-e0d0-f47525560000}22920/usr/bin/groupsubuntu 11241100x80000000000000006860210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47b7d9161ae28eb2022-01-05 09:19:36.266root 11241100x80000000000000006860211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60181d15d94b3a22022-01-05 09:19:36.266root 11241100x80000000000000006860212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee3919d293e98502022-01-05 09:19:36.266root 11241100x80000000000000006860213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12855457848221a32022-01-05 09:19:36.266root 11241100x80000000000000006860214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c086dccb3dfe7c12022-01-05 09:19:36.266root 11241100x80000000000000006860215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352079b062ccc9be2022-01-05 09:19:36.266root 11241100x80000000000000006860216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51cfcd60c8b0ab002022-01-05 09:19:36.266root 11241100x80000000000000006860217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430b7a85233279f72022-01-05 09:19:36.266root 11241100x80000000000000006860218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda617d059df9dc62022-01-05 09:19:36.266root 11241100x80000000000000006860219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5048c144ae087cdb2022-01-05 09:19:36.266root 11241100x80000000000000006860220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf4bdc2fc184e552022-01-05 09:19:36.266root 11241100x80000000000000006860221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b188acc78a75832022-01-05 09:19:36.266root 11241100x80000000000000006860222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.266{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9b875aa6f37fa72022-01-05 09:19:36.266root 11241100x80000000000000006860223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.267{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b235731ddfef332022-01-05 09:19:36.267root 11241100x80000000000000006860224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.267{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af0f3d75ffadd242022-01-05 09:19:36.267root 11241100x80000000000000006860225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.267{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7333874bc737453e2022-01-05 09:19:36.267root 11241100x80000000000000006860226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.268{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb46b0308e4dcf352022-01-05 09:19:36.268root 11241100x80000000000000006860227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.268{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86e8b063a6f14032022-01-05 09:19:36.268root 11241100x80000000000000006860228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b42af90a2a5c732022-01-05 09:19:36.709root 11241100x80000000000000006860229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04820579fd10c182022-01-05 09:19:36.709root 11241100x80000000000000006860230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f3d9a20b15cf1b2022-01-05 09:19:36.710root 11241100x80000000000000006860231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1c194bef4205402022-01-05 09:19:36.710root 11241100x80000000000000006860232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4284d9ec3bd2144a2022-01-05 09:19:36.710root 11241100x80000000000000006860233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cabf1338f992f07c2022-01-05 09:19:36.710root 11241100x80000000000000006860234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01db32ff2c4af3362022-01-05 09:19:36.711root 11241100x80000000000000006860235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaeb2c0a65647352022-01-05 09:19:36.711root 11241100x80000000000000006860236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e915ed4c282e4ba2022-01-05 09:19:36.711root 11241100x80000000000000006860237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7776f07fc954e7182022-01-05 09:19:36.711root 11241100x80000000000000006860238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b72b5db383cd01a2022-01-05 09:19:36.711root 11241100x80000000000000006860239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39dc44622e560bf2022-01-05 09:19:36.712root 11241100x80000000000000006860240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92877b6925be2d82022-01-05 09:19:36.712root 11241100x80000000000000006860241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8e2622e9e24c542022-01-05 09:19:36.712root 11241100x80000000000000006860242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754eec64b3bb36912022-01-05 09:19:36.712root 11241100x80000000000000006860243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c808428e12a9e6f82022-01-05 09:19:36.712root 11241100x80000000000000006860244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1b3170f547761d2022-01-05 09:19:36.712root 11241100x80000000000000006860245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51fab7087ac712b2022-01-05 09:19:36.712root 11241100x80000000000000006860246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e723c2a20ff05b72022-01-05 09:19:36.712root 11241100x80000000000000006860247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e044ebc0beddd7872022-01-05 09:19:36.712root 11241100x80000000000000006860248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db15f48ab9d263fb2022-01-05 09:19:36.712root 11241100x80000000000000006860249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ba94f934cfbf172022-01-05 09:19:36.712root 11241100x80000000000000006860250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:36.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a41d7fc598af642022-01-05 09:19:36.713root 11241100x80000000000000006860251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7eac584aa31cf62022-01-05 09:19:37.209root 11241100x80000000000000006860252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c2415435c2e64f2022-01-05 09:19:37.210root 11241100x80000000000000006860253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688c25d305462ca82022-01-05 09:19:37.210root 11241100x80000000000000006860254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0c8616194343742022-01-05 09:19:37.210root 11241100x80000000000000006860255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e262748b942f25b32022-01-05 09:19:37.210root 11241100x80000000000000006860256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e640f82cb057d97e2022-01-05 09:19:37.210root 11241100x80000000000000006860257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd407fe0f152ffff2022-01-05 09:19:37.210root 11241100x80000000000000006860258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035f8f828cf25fc12022-01-05 09:19:37.210root 11241100x80000000000000006860259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45986b3475da13d32022-01-05 09:19:37.210root 11241100x80000000000000006860260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7037228029e6672a2022-01-05 09:19:37.210root 11241100x80000000000000006860261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246cf8e4593cd6ee2022-01-05 09:19:37.210root 11241100x80000000000000006860262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfb10c81915223c2022-01-05 09:19:37.210root 11241100x80000000000000006860263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b03164332f8dfdb2022-01-05 09:19:37.211root 11241100x80000000000000006860264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671462d470d5895a2022-01-05 09:19:37.211root 11241100x80000000000000006860265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10fb881965b28502022-01-05 09:19:37.211root 11241100x80000000000000006860266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945fc753d08470802022-01-05 09:19:37.211root 11241100x80000000000000006860267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa9c1401ef854fb2022-01-05 09:19:37.211root 11241100x80000000000000006860268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019b986cc17e273c2022-01-05 09:19:37.211root 11241100x80000000000000006860269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693ecbf1670dfcb22022-01-05 09:19:37.211root 11241100x80000000000000006860270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b707bac9100cb25f2022-01-05 09:19:37.211root 11241100x80000000000000006860271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc80716436de2932022-01-05 09:19:37.211root 11241100x80000000000000006860272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7d61104151b0d72022-01-05 09:19:37.710root 11241100x80000000000000006860273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e033706faaf594c52022-01-05 09:19:37.710root 11241100x80000000000000006860274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6439f8bcca16692022-01-05 09:19:37.710root 11241100x80000000000000006860275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e1a37c6c40a9da2022-01-05 09:19:37.710root 11241100x80000000000000006860276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db760c69379da49f2022-01-05 09:19:37.710root 11241100x80000000000000006860277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d14b46edaf6f55a2022-01-05 09:19:37.710root 11241100x80000000000000006860278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f77b7986c3cb6b92022-01-05 09:19:37.710root 11241100x80000000000000006860279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f20081e5810a3af2022-01-05 09:19:37.711root 11241100x80000000000000006860280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500b4f7ae191e3092022-01-05 09:19:37.711root 11241100x80000000000000006860281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020975a0283b826b2022-01-05 09:19:37.711root 11241100x80000000000000006860282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c748a67f0190cdf2022-01-05 09:19:37.711root 11241100x80000000000000006860283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ff92677778288b2022-01-05 09:19:37.711root 11241100x80000000000000006860284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9d0e994889be212022-01-05 09:19:37.711root 11241100x80000000000000006860285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef09d34efe0467b92022-01-05 09:19:37.711root 11241100x80000000000000006860286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0135405618240fbc2022-01-05 09:19:37.711root 11241100x80000000000000006860287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc343760c261d5522022-01-05 09:19:37.711root 11241100x80000000000000006860288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8faca215b490bdfe2022-01-05 09:19:37.711root 11241100x80000000000000006860289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66363a4f2f72b8a2022-01-05 09:19:37.711root 11241100x80000000000000006860290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663220c9244989ed2022-01-05 09:19:37.711root 11241100x80000000000000006860291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b821a7caac522c5e2022-01-05 09:19:37.711root 11241100x80000000000000006860292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:37.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2470fc24d332c4312022-01-05 09:19:37.711root 11241100x80000000000000006860293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aeac4d45581f6962022-01-05 09:19:38.210root 11241100x80000000000000006860294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84da27d08ab4b4c72022-01-05 09:19:38.210root 11241100x80000000000000006860295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a0e73761f5db482022-01-05 09:19:38.210root 11241100x80000000000000006860296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c762091d12acd62022-01-05 09:19:38.210root 11241100x80000000000000006860297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfadde84633334f22022-01-05 09:19:38.210root 11241100x80000000000000006860298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb505220362c81a62022-01-05 09:19:38.210root 11241100x80000000000000006860299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2dba5c9e4ca1dc2022-01-05 09:19:38.210root 11241100x80000000000000006860300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df2f71b50a48e782022-01-05 09:19:38.210root 11241100x80000000000000006860301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672b299d506ae5fd2022-01-05 09:19:38.210root 11241100x80000000000000006860302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497fd33e87f113e62022-01-05 09:19:38.210root 11241100x80000000000000006860303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59b683aa57905042022-01-05 09:19:38.210root 11241100x80000000000000006860304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21234d1f4d2075492022-01-05 09:19:38.211root 11241100x80000000000000006860305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58049d6be810ce62022-01-05 09:19:38.211root 11241100x80000000000000006860306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddeaa6064a2ac7bf2022-01-05 09:19:38.211root 11241100x80000000000000006860307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087c485f0c34d4212022-01-05 09:19:38.211root 11241100x80000000000000006860308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970986554b1b53f82022-01-05 09:19:38.211root 11241100x80000000000000006860309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e82c83195c72192022-01-05 09:19:38.211root 11241100x80000000000000006860310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef4f4040e0520322022-01-05 09:19:38.211root 11241100x80000000000000006860311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3992668bc8f720ca2022-01-05 09:19:38.211root 11241100x80000000000000006860312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545d042b9ac50ef72022-01-05 09:19:38.211root 11241100x80000000000000006860313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063df399fd6048612022-01-05 09:19:38.211root 11241100x80000000000000006860314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ff39ab7a8ae62b2022-01-05 09:19:38.710root 11241100x80000000000000006860315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cacfcd7dcefddec2022-01-05 09:19:38.710root 11241100x80000000000000006860316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ab31a15e34cf502022-01-05 09:19:38.710root 11241100x80000000000000006860317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610fb5824a2165372022-01-05 09:19:38.710root 11241100x80000000000000006860318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc30c779bc5b6682022-01-05 09:19:38.711root 11241100x80000000000000006860319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d729c8a09936fb12022-01-05 09:19:38.711root 11241100x80000000000000006860320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ca59faa38eee392022-01-05 09:19:38.711root 11241100x80000000000000006860321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1b83bfc657f5a82022-01-05 09:19:38.711root 11241100x80000000000000006860322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a03454dad3296332022-01-05 09:19:38.711root 11241100x80000000000000006860323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4a54bf6e7f6b9a2022-01-05 09:19:38.711root 11241100x80000000000000006860324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36489a88cc9b814f2022-01-05 09:19:38.712root 11241100x80000000000000006860325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844a988b1b1a19ec2022-01-05 09:19:38.712root 11241100x80000000000000006860326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6daa89da5e819c792022-01-05 09:19:38.712root 11241100x80000000000000006860327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13252f9920c064992022-01-05 09:19:38.712root 11241100x80000000000000006860328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a9d25b08fc351b2022-01-05 09:19:38.712root 11241100x80000000000000006860329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fff45e37668ff62022-01-05 09:19:38.713root 11241100x80000000000000006860330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18fd8ce294566f72022-01-05 09:19:38.713root 11241100x80000000000000006860331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff65d712c2764522022-01-05 09:19:38.713root 11241100x80000000000000006860332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81a2177073319d62022-01-05 09:19:38.713root 11241100x80000000000000006860333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b081468c3c50f7aa2022-01-05 09:19:38.714root 11241100x80000000000000006860334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:38.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b931ec0efc12e82022-01-05 09:19:38.714root 11241100x80000000000000006860335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df5e59c126ab52c2022-01-05 09:19:39.209root 11241100x80000000000000006860336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959a5c9a4b1e3ab32022-01-05 09:19:39.209root 11241100x80000000000000006860337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed23b19ef1fc4d342022-01-05 09:19:39.209root 11241100x80000000000000006860338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc14308c3720d4e2022-01-05 09:19:39.209root 11241100x80000000000000006860339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e8315ec0576dad2022-01-05 09:19:39.210root 11241100x80000000000000006860340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4be9861e17337642022-01-05 09:19:39.210root 11241100x80000000000000006860341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a760539414bf123b2022-01-05 09:19:39.210root 11241100x80000000000000006860342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4351fccbabf524c32022-01-05 09:19:39.210root 11241100x80000000000000006860343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852dd1900ab010742022-01-05 09:19:39.210root 11241100x80000000000000006860344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5ea0f285695c812022-01-05 09:19:39.211root 11241100x80000000000000006860345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554b9e54cedafed32022-01-05 09:19:39.211root 11241100x80000000000000006860346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4474a5684b98fa392022-01-05 09:19:39.211root 11241100x80000000000000006860347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ef5b9e312b461d2022-01-05 09:19:39.211root 11241100x80000000000000006860348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88433d0be5529fd2022-01-05 09:19:39.211root 11241100x80000000000000006860349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd617aaf995d01052022-01-05 09:19:39.212root 11241100x80000000000000006860350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b0dc727a019f932022-01-05 09:19:39.212root 11241100x80000000000000006860351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2027b710d35af8392022-01-05 09:19:39.212root 11241100x80000000000000006860352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9680772666619e042022-01-05 09:19:39.212root 11241100x80000000000000006860353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c223608811d41c2022-01-05 09:19:39.212root 11241100x80000000000000006860354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92689887f27c30362022-01-05 09:19:39.212root 11241100x80000000000000006860355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b13ae65127de2352022-01-05 09:19:39.212root 11241100x80000000000000006860356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b076922443239cdc2022-01-05 09:19:39.213root 11241100x80000000000000006860357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8292b3246366600f2022-01-05 09:19:39.213root 11241100x80000000000000006860358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba816289231b9b82022-01-05 09:19:39.214root 11241100x80000000000000006860359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c37dc2ae3811bac2022-01-05 09:19:39.709root 11241100x80000000000000006860360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a094fd71c722ae942022-01-05 09:19:39.710root 11241100x80000000000000006860361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d2193218b6c5292022-01-05 09:19:39.710root 11241100x80000000000000006860362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0df3a7bd93564a2022-01-05 09:19:39.710root 11241100x80000000000000006860363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0191f889a3ed8d92022-01-05 09:19:39.710root 11241100x80000000000000006860364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0c9d9f981a47732022-01-05 09:19:39.710root 11241100x80000000000000006860365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1b00ce30bb0a182022-01-05 09:19:39.711root 11241100x80000000000000006860366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d49606408b46d62022-01-05 09:19:39.711root 11241100x80000000000000006860367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee54fbf336f9459a2022-01-05 09:19:39.711root 11241100x80000000000000006860368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12decac1b9291bf02022-01-05 09:19:39.711root 11241100x80000000000000006860369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43bf9c1402555632022-01-05 09:19:39.712root 11241100x80000000000000006860370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d253f3fdb2aa7152022-01-05 09:19:39.712root 11241100x80000000000000006860371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015c7ceb005b4ece2022-01-05 09:19:39.713root 11241100x80000000000000006860372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bf7b71d3d5b98e2022-01-05 09:19:39.713root 11241100x80000000000000006860373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1053f81761e7c0932022-01-05 09:19:39.713root 11241100x80000000000000006860374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0702d3b0df71ece2022-01-05 09:19:39.713root 11241100x80000000000000006860375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50da2d5d957fcc8e2022-01-05 09:19:39.713root 11241100x80000000000000006860376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a70b37bda6b2202022-01-05 09:19:39.714root 11241100x80000000000000006860377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa7e4cf3d8df3f62022-01-05 09:19:39.714root 11241100x80000000000000006860378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f59311dcb88a722022-01-05 09:19:39.714root 11241100x80000000000000006860379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e071d2e21eac8c2022-01-05 09:19:39.714root 354300x80000000000000006860380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.082{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40680-false10.0.1.12-8000- 11241100x80000000000000006860381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.083{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03810ae95a6c5eae2022-01-05 09:19:40.083root 11241100x80000000000000006860382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.083{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0168a85fed82b02022-01-05 09:19:40.083root 11241100x80000000000000006860383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.084{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89987ec745eb58352022-01-05 09:19:40.084root 11241100x80000000000000006860384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.084{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7ec350c255d6a42022-01-05 09:19:40.084root 11241100x80000000000000006860385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.084{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3118646ef891001f2022-01-05 09:19:40.084root 11241100x80000000000000006860386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.084{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ce2c0907d7edab2022-01-05 09:19:40.084root 11241100x80000000000000006860387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.084{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b9446eaec4b0972022-01-05 09:19:40.084root 11241100x80000000000000006860388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.085{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc4daeee369d55f2022-01-05 09:19:40.085root 11241100x80000000000000006860389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.085{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f649a7090b987752022-01-05 09:19:40.085root 11241100x80000000000000006860390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.085{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bd9dee8958ed8b2022-01-05 09:19:40.085root 11241100x80000000000000006860391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.085{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237c4091f09d24ee2022-01-05 09:19:40.085root 11241100x80000000000000006860392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.085{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.accd1de7f37ec5bd2022-01-05 09:19:40.085root 11241100x80000000000000006860393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.085{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4056c1d462f3504d2022-01-05 09:19:40.085root 11241100x80000000000000006860394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.085{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128e147ee6a60ca92022-01-05 09:19:40.085root 11241100x80000000000000006860395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.085{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794b9fd9eb0470ee2022-01-05 09:19:40.085root 11241100x80000000000000006860396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8431e3dbe4332d92022-01-05 09:19:40.086root 11241100x80000000000000006860397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b77601b99b17c442022-01-05 09:19:40.086root 11241100x80000000000000006860398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c210574d1c66b1eb2022-01-05 09:19:40.086root 11241100x80000000000000006860399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619ee4588137c2af2022-01-05 09:19:40.086root 11241100x80000000000000006860400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfac80ce0c0585792022-01-05 09:19:40.086root 11241100x80000000000000006860401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06dca7d25e8116682022-01-05 09:19:40.086root 11241100x80000000000000006860402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d98a35adc39f392022-01-05 09:19:40.086root 11241100x80000000000000006860403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.086{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc31717e16a430922022-01-05 09:19:40.086root 11241100x80000000000000006860404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0eae86c7eef7c32022-01-05 09:19:40.087root 11241100x80000000000000006860405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64fdb6520264d8a2022-01-05 09:19:40.087root 11241100x80000000000000006860406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502cb19f141718bb2022-01-05 09:19:40.087root 11241100x80000000000000006860407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf3b476bac68ac32022-01-05 09:19:40.087root 11241100x80000000000000006860408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.087{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ceb80353c10bd422022-01-05 09:19:40.087root 11241100x80000000000000006860409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412e55cc5a733cec2022-01-05 09:19:40.460root 11241100x80000000000000006860410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb9d87af539d9552022-01-05 09:19:40.460root 11241100x80000000000000006860411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc1c3f38b1289612022-01-05 09:19:40.460root 11241100x80000000000000006860412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36b27a236f2c5b52022-01-05 09:19:40.460root 11241100x80000000000000006860413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6489a614abb965572022-01-05 09:19:40.460root 11241100x80000000000000006860414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1681898856a1aba32022-01-05 09:19:40.460root 11241100x80000000000000006860415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5c5444f684071e2022-01-05 09:19:40.460root 11241100x80000000000000006860416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4661fb79934d426a2022-01-05 09:19:40.460root 11241100x80000000000000006860417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c48865bffb06902022-01-05 09:19:40.461root 11241100x80000000000000006860418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a16bb4ac8ff2af2022-01-05 09:19:40.461root 11241100x80000000000000006860419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b379e84620d2032022-01-05 09:19:40.461root 11241100x80000000000000006860420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36b56a1fd85e2b72022-01-05 09:19:40.461root 11241100x80000000000000006860421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02f8965697ade7a2022-01-05 09:19:40.461root 11241100x80000000000000006860422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20416306041553da2022-01-05 09:19:40.461root 11241100x80000000000000006860423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad2a719cda175152022-01-05 09:19:40.461root 11241100x80000000000000006860424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d87e2dfe9dc66462022-01-05 09:19:40.461root 11241100x80000000000000006860425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f557cdc422e200d22022-01-05 09:19:40.461root 11241100x80000000000000006860426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c320e30b98a0916e2022-01-05 09:19:40.462root 11241100x80000000000000006860427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdaa7b46f3d736d2022-01-05 09:19:40.462root 11241100x80000000000000006860428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e51f498011ffef2022-01-05 09:19:40.462root 11241100x80000000000000006860429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e4dba1558102e72022-01-05 09:19:40.462root 11241100x80000000000000006860430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3b101c21d4c1a12022-01-05 09:19:40.462root 11241100x80000000000000006860431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9545ffe150e73c002022-01-05 09:19:40.959root 11241100x80000000000000006860432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0670e734d63c022022-01-05 09:19:40.960root 11241100x80000000000000006860433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad03936471b1f5b2022-01-05 09:19:40.960root 11241100x80000000000000006860434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ccf51bc069f1a32022-01-05 09:19:40.960root 11241100x80000000000000006860435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be57d89de0c791b2022-01-05 09:19:40.960root 11241100x80000000000000006860436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847d5c68b6d90d3a2022-01-05 09:19:40.960root 11241100x80000000000000006860437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5c877053f55ed02022-01-05 09:19:40.960root 11241100x80000000000000006860438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd9ead8d1d65c412022-01-05 09:19:40.960root 11241100x80000000000000006860439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c9df934543776f2022-01-05 09:19:40.960root 11241100x80000000000000006860440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcb7aa4f4b48b242022-01-05 09:19:40.961root 11241100x80000000000000006860441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081c7f20101b21bb2022-01-05 09:19:40.961root 11241100x80000000000000006860442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031a03c4e336583d2022-01-05 09:19:40.961root 11241100x80000000000000006860443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdfde5f1237f4552022-01-05 09:19:40.961root 11241100x80000000000000006860444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6581db92703071dd2022-01-05 09:19:40.961root 11241100x80000000000000006860445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8354bc9e2dc3112e2022-01-05 09:19:40.961root 11241100x80000000000000006860446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50034da9ab5f58b42022-01-05 09:19:40.961root 11241100x80000000000000006860447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d55bf42e0d9c7db2022-01-05 09:19:40.961root 11241100x80000000000000006860448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff1683c200d46aa2022-01-05 09:19:40.961root 11241100x80000000000000006860449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c822e020dd7142602022-01-05 09:19:40.961root 11241100x80000000000000006860450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc88a85af941a032022-01-05 09:19:40.962root 11241100x80000000000000006860451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d803d5e72c3b382022-01-05 09:19:40.962root 11241100x80000000000000006860452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:40.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4febbb30f24640b72022-01-05 09:19:40.962root 11241100x80000000000000006860453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607b93e344dfc3da2022-01-05 09:19:41.459root 11241100x80000000000000006860454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5d14299d469f8d2022-01-05 09:19:41.460root 11241100x80000000000000006860455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb5d0373eb4ac362022-01-05 09:19:41.460root 11241100x80000000000000006860456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2332602e17d5682022-01-05 09:19:41.460root 11241100x80000000000000006860457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be63c67be0236352022-01-05 09:19:41.460root 11241100x80000000000000006860458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84709ecf802f5b512022-01-05 09:19:41.460root 11241100x80000000000000006860459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f970a79c20095012022-01-05 09:19:41.460root 11241100x80000000000000006860460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ede07f963a300812022-01-05 09:19:41.461root 11241100x80000000000000006860461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0448b279c42bcd12022-01-05 09:19:41.461root 11241100x80000000000000006860462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f3dd61ee4bed2f2022-01-05 09:19:41.461root 11241100x80000000000000006860463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff19b9fde0fd7a362022-01-05 09:19:41.461root 11241100x80000000000000006860464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824f9b76d5c294132022-01-05 09:19:41.461root 11241100x80000000000000006860465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d23fb72b8969e0d2022-01-05 09:19:41.461root 11241100x80000000000000006860466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53e8394ba0b4c352022-01-05 09:19:41.461root 11241100x80000000000000006860467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7da7a510c62a3b2022-01-05 09:19:41.461root 11241100x80000000000000006860468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab63e7aa86da66c2022-01-05 09:19:41.462root 11241100x80000000000000006860469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bc68f191f55c8a2022-01-05 09:19:41.462root 11241100x80000000000000006860470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9ac7d27cc7b7e62022-01-05 09:19:41.462root 11241100x80000000000000006860471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee3c7af291d71272022-01-05 09:19:41.462root 11241100x80000000000000006860472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3568246c39c48f52022-01-05 09:19:41.463root 11241100x80000000000000006860473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8841a1f7bcab77402022-01-05 09:19:41.463root 11241100x80000000000000006860474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b321c3ec96d8b21a2022-01-05 09:19:41.463root 11241100x80000000000000006860475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639a109eab0c538d2022-01-05 09:19:41.463root 11241100x80000000000000006860476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb12d8b56f251f92022-01-05 09:19:41.463root 11241100x80000000000000006860477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a984598ae3a6b4c02022-01-05 09:19:41.959root 11241100x80000000000000006860478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0f6da894114c392022-01-05 09:19:41.960root 11241100x80000000000000006860479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383e1953f1c749482022-01-05 09:19:41.960root 11241100x80000000000000006860480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e17420e19259ca2022-01-05 09:19:41.960root 11241100x80000000000000006860481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679c2e026d344c3d2022-01-05 09:19:41.961root 11241100x80000000000000006860482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2860c756eb32782022-01-05 09:19:41.961root 11241100x80000000000000006860483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107d442cd20683872022-01-05 09:19:41.961root 11241100x80000000000000006860484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb0a410a5ba380d2022-01-05 09:19:41.961root 11241100x80000000000000006860485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5c92e2722406062022-01-05 09:19:41.962root 11241100x80000000000000006860486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2150dbaadcae84fd2022-01-05 09:19:41.962root 11241100x80000000000000006860487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44484b97ad69acf12022-01-05 09:19:41.962root 11241100x80000000000000006860488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e93b41092cb6b42022-01-05 09:19:41.962root 11241100x80000000000000006860489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cff724a76203a562022-01-05 09:19:41.962root 11241100x80000000000000006860490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235da6f5e1acd4852022-01-05 09:19:41.962root 11241100x80000000000000006860491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a9f7a064c6e1a62022-01-05 09:19:41.962root 11241100x80000000000000006860492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9edd493bc8338602022-01-05 09:19:41.962root 11241100x80000000000000006860493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf1545f524ebb202022-01-05 09:19:41.962root 11241100x80000000000000006860494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6b9bf77bb7a4292022-01-05 09:19:41.963root 11241100x80000000000000006860495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527677f6f52dfa032022-01-05 09:19:41.963root 11241100x80000000000000006860496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a165a493f2c8f6f2022-01-05 09:19:41.963root 11241100x80000000000000006860497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4cad78f937ca7a2022-01-05 09:19:41.963root 11241100x80000000000000006860498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d2f22bd401b18d2022-01-05 09:19:41.963root 11241100x80000000000000006860499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457f1b6b5f71fafe2022-01-05 09:19:41.963root 11241100x80000000000000006860500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:41.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e53ea0983ebd7742022-01-05 09:19:41.963root 11241100x80000000000000006860501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84518a8da34751302022-01-05 09:19:42.460root 11241100x80000000000000006860502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1df3f435af345442022-01-05 09:19:42.460root 11241100x80000000000000006860503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763417c8e10def3f2022-01-05 09:19:42.460root 11241100x80000000000000006860504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c21700c57951a92022-01-05 09:19:42.460root 11241100x80000000000000006860505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c223daf3b2099662022-01-05 09:19:42.460root 11241100x80000000000000006860506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4ee12d49ed74cb2022-01-05 09:19:42.460root 11241100x80000000000000006860507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5463b1c7c4eed8992022-01-05 09:19:42.460root 11241100x80000000000000006860508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f33fdf561a32b692022-01-05 09:19:42.460root 11241100x80000000000000006860509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246e93bcb2f4ffd82022-01-05 09:19:42.461root 11241100x80000000000000006860510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9377b67d39d31be62022-01-05 09:19:42.461root 11241100x80000000000000006860511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc615065dc46a212022-01-05 09:19:42.461root 11241100x80000000000000006860512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df20fd2a8690d1cc2022-01-05 09:19:42.461root 11241100x80000000000000006860513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d73b247195ba3822022-01-05 09:19:42.461root 11241100x80000000000000006860514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b16dacfd8b5f4b52022-01-05 09:19:42.461root 11241100x80000000000000006860515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2128591ee0b1e71a2022-01-05 09:19:42.461root 11241100x80000000000000006860516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b0694c5d395fea2022-01-05 09:19:42.461root 11241100x80000000000000006860517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1a4900600afe872022-01-05 09:19:42.461root 11241100x80000000000000006860518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49032418226007c62022-01-05 09:19:42.461root 11241100x80000000000000006860519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db06f239b33183e2022-01-05 09:19:42.461root 11241100x80000000000000006860520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1012250a1d4219672022-01-05 09:19:42.462root 11241100x80000000000000006860521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a2eb32079747cf2022-01-05 09:19:42.462root 11241100x80000000000000006860522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c951634b78f0302022-01-05 09:19:42.462root 11241100x80000000000000006860523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9c9f19ab846c5f2022-01-05 09:19:42.959root 11241100x80000000000000006860524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d709ba3fd60028cd2022-01-05 09:19:42.959root 11241100x80000000000000006860525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f133e8ba154acd02022-01-05 09:19:42.960root 11241100x80000000000000006860526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c65782a4059e052022-01-05 09:19:42.960root 11241100x80000000000000006860527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b544ba1b6f290d2022-01-05 09:19:42.960root 11241100x80000000000000006860528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f87a13d89fd96492022-01-05 09:19:42.960root 11241100x80000000000000006860529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82a604d11fa8acc2022-01-05 09:19:42.960root 11241100x80000000000000006860530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81aaaac915aa98992022-01-05 09:19:42.961root 11241100x80000000000000006860531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c040902d468ae052022-01-05 09:19:42.961root 11241100x80000000000000006860532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2558de6fa5a796e2022-01-05 09:19:42.961root 11241100x80000000000000006860533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914158ade578f1a72022-01-05 09:19:42.961root 11241100x80000000000000006860534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f36c381c103e7c82022-01-05 09:19:42.961root 11241100x80000000000000006860535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd2859b562424362022-01-05 09:19:42.961root 11241100x80000000000000006860536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d83068eececa242022-01-05 09:19:42.961root 11241100x80000000000000006860537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008a7b7d206fdc082022-01-05 09:19:42.961root 11241100x80000000000000006860538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992479257c523e732022-01-05 09:19:42.961root 11241100x80000000000000006860539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80653b39c94e54e72022-01-05 09:19:42.962root 11241100x80000000000000006860540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d69ba7386df6fbf2022-01-05 09:19:42.962root 11241100x80000000000000006860541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928a7440d14510ea2022-01-05 09:19:42.962root 11241100x80000000000000006860542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48451aa4e4b4c232022-01-05 09:19:42.962root 11241100x80000000000000006860543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be21c46cb880aee42022-01-05 09:19:42.962root 11241100x80000000000000006860544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa815233d543d3f2022-01-05 09:19:42.962root 11241100x80000000000000006860545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cbbc08aa26d3b92022-01-05 09:19:42.962root 11241100x80000000000000006860546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a2144f282f65d32022-01-05 09:19:42.962root 11241100x80000000000000006860547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba228184547660e2022-01-05 09:19:42.962root 11241100x80000000000000006860548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23123f3965f88a932022-01-05 09:19:42.962root 11241100x80000000000000006860549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30540285b24982882022-01-05 09:19:42.962root 11241100x80000000000000006860550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:42.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d9a516d85c7e382022-01-05 09:19:42.962root 11241100x80000000000000006860551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfd36d24a55ba962022-01-05 09:19:43.460root 11241100x80000000000000006860552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2058c50c87ba211f2022-01-05 09:19:43.460root 11241100x80000000000000006860553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e7bf96890517382022-01-05 09:19:43.460root 11241100x80000000000000006860554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3af97d00dd34992022-01-05 09:19:43.460root 11241100x80000000000000006860555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fef78a01d1552b2022-01-05 09:19:43.460root 11241100x80000000000000006860556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c1ec927b8911692022-01-05 09:19:43.460root 11241100x80000000000000006860557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fb2c45459760752022-01-05 09:19:43.460root 11241100x80000000000000006860558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02853646350fd5fd2022-01-05 09:19:43.461root 11241100x80000000000000006860559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58499c9145654d162022-01-05 09:19:43.461root 11241100x80000000000000006860560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358660863f2568952022-01-05 09:19:43.461root 11241100x80000000000000006860561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d1059666529d772022-01-05 09:19:43.461root 11241100x80000000000000006860562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf474bcb4da423dd2022-01-05 09:19:43.461root 11241100x80000000000000006860563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23b799a0032d6bb2022-01-05 09:19:43.461root 11241100x80000000000000006860564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3e958af01fbb952022-01-05 09:19:43.461root 11241100x80000000000000006860565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60bd55cce421d232022-01-05 09:19:43.461root 11241100x80000000000000006860566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be950ff504690a72022-01-05 09:19:43.461root 11241100x80000000000000006860567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a6cc0fd8bdc0b12022-01-05 09:19:43.462root 11241100x80000000000000006860568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4590e445f54472632022-01-05 09:19:43.462root 11241100x80000000000000006860569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbfcf7696d510fa2022-01-05 09:19:43.462root 11241100x80000000000000006860570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5afb933937d2ac2022-01-05 09:19:43.462root 11241100x80000000000000006860571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ae1bc6e12650a22022-01-05 09:19:43.462root 11241100x80000000000000006860572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3380a6a7603c742022-01-05 09:19:43.462root 11241100x80000000000000006860573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de65f494aa449c3d2022-01-05 09:19:43.960root 11241100x80000000000000006860574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf630cb5bb24daa2022-01-05 09:19:43.960root 11241100x80000000000000006860575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdffb3b7686b1da42022-01-05 09:19:43.960root 11241100x80000000000000006860576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03af7a28b29bb6522022-01-05 09:19:43.960root 11241100x80000000000000006860577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f061493650a40f2022-01-05 09:19:43.961root 11241100x80000000000000006860578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3fe886779c9c72d2022-01-05 09:19:43.961root 11241100x80000000000000006860579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7e1bde149e3cf32022-01-05 09:19:43.961root 11241100x80000000000000006860580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba047b58cb2573a2022-01-05 09:19:43.961root 11241100x80000000000000006860581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55745e5bf6bbc1432022-01-05 09:19:43.961root 11241100x80000000000000006860582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9769d1319e4189e12022-01-05 09:19:43.961root 11241100x80000000000000006860583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c59fece2fe35d372022-01-05 09:19:43.961root 11241100x80000000000000006860584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099f6976378dfd4a2022-01-05 09:19:43.961root 11241100x80000000000000006860585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0d839fc8eb9fbb2022-01-05 09:19:43.961root 11241100x80000000000000006860586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ceb3d886f790ef72022-01-05 09:19:43.961root 11241100x80000000000000006860587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1600b6f95a8846472022-01-05 09:19:43.961root 11241100x80000000000000006860588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35efd174d026f31d2022-01-05 09:19:43.961root 11241100x80000000000000006860589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9559b29c71cd8b332022-01-05 09:19:43.961root 11241100x80000000000000006860590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da70b98ce4577362022-01-05 09:19:43.961root 11241100x80000000000000006860591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5b4bed5ee2c58a2022-01-05 09:19:43.962root 11241100x80000000000000006860592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7afbc3764342dc52022-01-05 09:19:43.962root 11241100x80000000000000006860593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adeff0a98a53a1bd2022-01-05 09:19:43.962root 11241100x80000000000000006860594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:43.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641e609273c66e202022-01-05 09:19:43.962root 11241100x80000000000000006860595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebde1a52ed19f5ed2022-01-05 09:19:44.459root 11241100x80000000000000006860596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2035f57dcfb151ca2022-01-05 09:19:44.459root 11241100x80000000000000006860597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f38a043e33d8c42022-01-05 09:19:44.460root 11241100x80000000000000006860598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ff1fff4cfd19492022-01-05 09:19:44.460root 11241100x80000000000000006860599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b792e34c3288a512022-01-05 09:19:44.460root 11241100x80000000000000006860600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ed879ef256d2a62022-01-05 09:19:44.460root 11241100x80000000000000006860601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7371d948a947b72022-01-05 09:19:44.460root 11241100x80000000000000006860602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419842f951295ccb2022-01-05 09:19:44.461root 11241100x80000000000000006860603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547c520091eed2822022-01-05 09:19:44.461root 11241100x80000000000000006860604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcc164ce5c860532022-01-05 09:19:44.461root 11241100x80000000000000006860605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4115366dd6f9f8092022-01-05 09:19:44.461root 11241100x80000000000000006860606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a922c274ec599432022-01-05 09:19:44.461root 11241100x80000000000000006860607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e2a2d3a64214f12022-01-05 09:19:44.462root 11241100x80000000000000006860608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a7823cf583a82c2022-01-05 09:19:44.462root 11241100x80000000000000006860609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b511f629afe10022022-01-05 09:19:44.462root 11241100x80000000000000006860610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5168a2c5e8b777c2022-01-05 09:19:44.462root 11241100x80000000000000006860611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6fec7a20f68b8d2022-01-05 09:19:44.462root 11241100x80000000000000006860612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbfb2daa7f8555f2022-01-05 09:19:44.463root 11241100x80000000000000006860613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95643210614a026b2022-01-05 09:19:44.463root 11241100x80000000000000006860614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264387898a7b00352022-01-05 09:19:44.463root 11241100x80000000000000006860615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23d0e232c756cff2022-01-05 09:19:44.463root 11241100x80000000000000006860616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bbe9bb48ed0bbb2022-01-05 09:19:44.463root 11241100x80000000000000006860617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d2297208d555082022-01-05 09:19:44.959root 11241100x80000000000000006860618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9fbd6e59d59d1e2022-01-05 09:19:44.960root 11241100x80000000000000006860619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7c043d1efaac192022-01-05 09:19:44.960root 11241100x80000000000000006860620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f2fad7b0e1fcdd2022-01-05 09:19:44.960root 11241100x80000000000000006860621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9141222801ec26d32022-01-05 09:19:44.961root 11241100x80000000000000006860622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2646f9841fd864582022-01-05 09:19:44.961root 11241100x80000000000000006860623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ea68f75c4d63c12022-01-05 09:19:44.961root 11241100x80000000000000006860624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb00a4c549318532022-01-05 09:19:44.961root 11241100x80000000000000006860625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6888c340854584fa2022-01-05 09:19:44.961root 11241100x80000000000000006860626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cc2b0c6c4139ca2022-01-05 09:19:44.961root 11241100x80000000000000006860627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9293b109288f9cca2022-01-05 09:19:44.961root 11241100x80000000000000006860628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45361a03b5752bc52022-01-05 09:19:44.961root 11241100x80000000000000006860629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a7a83f536dea9d2022-01-05 09:19:44.961root 11241100x80000000000000006860630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9440c71f39f8f19e2022-01-05 09:19:44.961root 11241100x80000000000000006860631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecac47fefb60c6e2022-01-05 09:19:44.961root 11241100x80000000000000006860632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21258bc9a51ca0c82022-01-05 09:19:44.961root 11241100x80000000000000006860633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ff9826f74602802022-01-05 09:19:44.962root 11241100x80000000000000006860634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11f9c09f095c01d2022-01-05 09:19:44.962root 11241100x80000000000000006860635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0187a57df7fd5fc02022-01-05 09:19:44.962root 11241100x80000000000000006860636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a3601521acfa892022-01-05 09:19:44.962root 11241100x80000000000000006860637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3191967863d69fda2022-01-05 09:19:44.962root 11241100x80000000000000006860638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfd98ad02bb8dc42022-01-05 09:19:44.962root 11241100x80000000000000006860639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84df650f0c149662022-01-05 09:19:44.962root 11241100x80000000000000006860640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc20d6ec9df0366e2022-01-05 09:19:44.962root 11241100x80000000000000006860641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137fbd6d25d75c762022-01-05 09:19:44.962root 354300x80000000000000006860642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.188{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40682-false10.0.1.12-8000- 11241100x80000000000000006860643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a395682289a1df2022-01-05 09:19:45.460root 11241100x80000000000000006860644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e23d57d65cf76a2022-01-05 09:19:45.460root 11241100x80000000000000006860645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f2b469397f58322022-01-05 09:19:45.460root 11241100x80000000000000006860646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92ee273c2f5c5f52022-01-05 09:19:45.460root 11241100x80000000000000006860647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1fc410f67f72cd2022-01-05 09:19:45.460root 11241100x80000000000000006860648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86257faa381ffb52022-01-05 09:19:45.460root 11241100x80000000000000006860649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f5da5582075b792022-01-05 09:19:45.460root 11241100x80000000000000006860650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ea1fef7fa350762022-01-05 09:19:45.461root 11241100x80000000000000006860651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76a51a2b10871572022-01-05 09:19:45.461root 11241100x80000000000000006860652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0644b7e83b78a44b2022-01-05 09:19:45.461root 11241100x80000000000000006860653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c241516b4f9ea88e2022-01-05 09:19:45.461root 11241100x80000000000000006860654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e0b9e19ff5d1132022-01-05 09:19:45.461root 11241100x80000000000000006860655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c42d32b8080996e2022-01-05 09:19:45.461root 11241100x80000000000000006860656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3193cf479eb2e7c2022-01-05 09:19:45.461root 11241100x80000000000000006860657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de6994f23a61fad2022-01-05 09:19:45.461root 11241100x80000000000000006860658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff684df9bb893f42022-01-05 09:19:45.461root 11241100x80000000000000006860659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9ae5d6223082b42022-01-05 09:19:45.462root 11241100x80000000000000006860660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f753ab3a197394e2022-01-05 09:19:45.462root 11241100x80000000000000006860661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9e4ff13ce7a24d2022-01-05 09:19:45.462root 11241100x80000000000000006860662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d493d6b6967b6fb62022-01-05 09:19:45.462root 11241100x80000000000000006860663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b7979e6d6334ee2022-01-05 09:19:45.462root 11241100x80000000000000006860664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a4e6cfc769bed82022-01-05 09:19:45.462root 11241100x80000000000000006860665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a366795959a34bd2022-01-05 09:19:45.463root 11241100x80000000000000006860666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07be2858b60147032022-01-05 09:19:45.959root 11241100x80000000000000006860667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2cac4118cc3ad12022-01-05 09:19:45.960root 11241100x80000000000000006860668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e437b4f081e7a42022-01-05 09:19:45.960root 11241100x80000000000000006860669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8643e9d8a9f78ac52022-01-05 09:19:45.960root 11241100x80000000000000006860670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e3a0b5d50832b02022-01-05 09:19:45.960root 11241100x80000000000000006860671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f6d0108bb60ff62022-01-05 09:19:45.961root 11241100x80000000000000006860672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422d464c665e5e632022-01-05 09:19:45.961root 11241100x80000000000000006860673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788fbc2f088a44922022-01-05 09:19:45.961root 11241100x80000000000000006860674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bda30105e08df92022-01-05 09:19:45.961root 11241100x80000000000000006860675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e508a065f24f25a92022-01-05 09:19:45.961root 11241100x80000000000000006860676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6c4c5a6feab9182022-01-05 09:19:45.962root 11241100x80000000000000006860677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f58ecd5f4987652022-01-05 09:19:45.962root 11241100x80000000000000006860678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480c1c1698ed8faf2022-01-05 09:19:45.962root 11241100x80000000000000006860679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13344957c9ede63b2022-01-05 09:19:45.962root 11241100x80000000000000006860680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16395a3bb2666e62022-01-05 09:19:45.962root 11241100x80000000000000006860681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8af0e0bc8e20f22022-01-05 09:19:45.962root 11241100x80000000000000006860682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe33b9f428de16f72022-01-05 09:19:45.963root 11241100x80000000000000006860683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60a7ea234b83bce2022-01-05 09:19:45.963root 11241100x80000000000000006860684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2913e51bb0c880172022-01-05 09:19:45.963root 11241100x80000000000000006860685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce264e15dfad79522022-01-05 09:19:45.963root 11241100x80000000000000006860686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8335b41b2dae51e72022-01-05 09:19:45.963root 11241100x80000000000000006860687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f121f003a98c7d62022-01-05 09:19:45.963root 11241100x80000000000000006860688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbecbfe1a3b8bdf2022-01-05 09:19:45.964root 11241100x80000000000000006860689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77f12d196e9ed662022-01-05 09:19:46.460root 11241100x80000000000000006860690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b04b67e0c5082f42022-01-05 09:19:46.460root 11241100x80000000000000006860691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80eee436ba05d9e2022-01-05 09:19:46.460root 11241100x80000000000000006860692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae7a4022aa4e6ac2022-01-05 09:19:46.460root 11241100x80000000000000006860693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2600156f306107182022-01-05 09:19:46.460root 11241100x80000000000000006860694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21c9337d544816c2022-01-05 09:19:46.460root 11241100x80000000000000006860695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec271b2d3d17a03e2022-01-05 09:19:46.461root 11241100x80000000000000006860696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bfef4ac389ea942022-01-05 09:19:46.462root 11241100x80000000000000006860697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40873fdf359891a32022-01-05 09:19:46.462root 11241100x80000000000000006860698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397fff601fa8c32a2022-01-05 09:19:46.462root 11241100x80000000000000006860699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555bd34101832dfe2022-01-05 09:19:46.462root 11241100x80000000000000006860700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff31a4e998913c8b2022-01-05 09:19:46.463root 11241100x80000000000000006860701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700ab635e0b436482022-01-05 09:19:46.463root 11241100x80000000000000006860702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f34f280a83e2f4a2022-01-05 09:19:46.464root 11241100x80000000000000006860703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf4412848f8c9492022-01-05 09:19:46.464root 11241100x80000000000000006860704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f097621c429db62022-01-05 09:19:46.464root 11241100x80000000000000006860705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d7a6e7dabc0d172022-01-05 09:19:46.465root 11241100x80000000000000006860706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a05fb874743ed712022-01-05 09:19:46.465root 11241100x80000000000000006860707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb725414bca22942022-01-05 09:19:46.465root 11241100x80000000000000006860708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3723aa539cd6e82022-01-05 09:19:46.465root 11241100x80000000000000006860709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22545413b2b13842022-01-05 09:19:46.466root 11241100x80000000000000006860710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773ab52113865aaf2022-01-05 09:19:46.466root 11241100x80000000000000006860711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7babfff6b488c672022-01-05 09:19:46.466root 154100x80000000000000006860712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.589{ec2e79f3-62b2-61d5-587d-ddf3ec550000}22921/usr/bin/users-----users/home/ubuntu/doasubuntu{ec2e79f3-5fe4-61d5-e803-000000000000}100058no level-{ec2e79f3-5fe4-61d5-08b4-fae256550000}17361/bin/bash-bashubuntu 534500x80000000000000006860713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.592{ec2e79f3-62b2-61d5-587d-ddf3ec550000}22921/usr/bin/usersubuntu 11241100x80000000000000006860714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b132b6a1c2f0c8ed2022-01-05 09:19:46.959root 11241100x80000000000000006860715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b697b9027d46d77d2022-01-05 09:19:46.959root 11241100x80000000000000006860716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5c0cd7155a37e92022-01-05 09:19:46.960root 11241100x80000000000000006860717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d931b8fd9c746c2022-01-05 09:19:46.960root 11241100x80000000000000006860718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5b8d6f3bc7b9b22022-01-05 09:19:46.960root 11241100x80000000000000006860719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7596bb833da537c72022-01-05 09:19:46.960root 11241100x80000000000000006860720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d28f5750f485882022-01-05 09:19:46.960root 11241100x80000000000000006860721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e85249b14fd3132022-01-05 09:19:46.960root 11241100x80000000000000006860722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6943687864e0d2472022-01-05 09:19:46.961root 11241100x80000000000000006860723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80d1a66280554c22022-01-05 09:19:46.961root 11241100x80000000000000006860724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff437ba0e65f7232022-01-05 09:19:46.961root 11241100x80000000000000006860725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3082843f11d6032022-01-05 09:19:46.961root 11241100x80000000000000006860726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06c43df4d7d99842022-01-05 09:19:46.961root 11241100x80000000000000006860727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc222d7ae4f5bdeb2022-01-05 09:19:46.962root 11241100x80000000000000006860728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a2dce0227b70632022-01-05 09:19:46.962root 11241100x80000000000000006860729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931789d0f6cc2c3d2022-01-05 09:19:46.962root 11241100x80000000000000006860730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789920a7c32211b52022-01-05 09:19:46.962root 11241100x80000000000000006860731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b808f60d4cb5cdc82022-01-05 09:19:46.962root 11241100x80000000000000006860732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03debbfbd53ede62022-01-05 09:19:46.962root 11241100x80000000000000006860733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344725ecb345e4872022-01-05 09:19:46.963root 11241100x80000000000000006860734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad01f461b067f0312022-01-05 09:19:46.963root 11241100x80000000000000006860735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdd7abb95c088612022-01-05 09:19:46.963root 11241100x80000000000000006860736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8e88231b36947c2022-01-05 09:19:46.963root 11241100x80000000000000006860737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d934f0b34936382022-01-05 09:19:46.963root 11241100x80000000000000006860738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf4679f67baab782022-01-05 09:19:46.963root 11241100x80000000000000006860739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4794a1d775f0a19a2022-01-05 09:19:47.460root 11241100x80000000000000006860740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6651376c5a1d60c2022-01-05 09:19:47.460root 11241100x80000000000000006860741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07899a133db60462022-01-05 09:19:47.460root 11241100x80000000000000006860742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6f1515104065372022-01-05 09:19:47.460root 11241100x80000000000000006860743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db7ec9d0e1bb13a2022-01-05 09:19:47.460root 11241100x80000000000000006860744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9f5adfd024222c2022-01-05 09:19:47.460root 11241100x80000000000000006860745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a5268708b547e22022-01-05 09:19:47.461root 11241100x80000000000000006860746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512225aef4c497242022-01-05 09:19:47.461root 11241100x80000000000000006860747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdfd8a7f7e4110f2022-01-05 09:19:47.461root 11241100x80000000000000006860748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece5a0510287997b2022-01-05 09:19:47.461root 11241100x80000000000000006860749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab6ffcde5212a9c2022-01-05 09:19:47.461root 11241100x80000000000000006860750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2b7b6298f80bc12022-01-05 09:19:47.461root 11241100x80000000000000006860751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac52c9b5aab565fc2022-01-05 09:19:47.461root 11241100x80000000000000006860752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f29d67b906b04412022-01-05 09:19:47.461root 11241100x80000000000000006860753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fb90bcad4885142022-01-05 09:19:47.461root 11241100x80000000000000006860754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df1b296199467a12022-01-05 09:19:47.462root 11241100x80000000000000006860755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec2d5d0976aa3bf12022-01-05 09:19:47.462root 11241100x80000000000000006860756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25db68c11128d40e2022-01-05 09:19:47.462root 11241100x80000000000000006860757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb6edb936c04cf22022-01-05 09:19:47.462root 11241100x80000000000000006860758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ac46dd7a508b2b2022-01-05 09:19:47.462root 11241100x80000000000000006860759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eb90b89bb4b6b02022-01-05 09:19:47.462root 11241100x80000000000000006860760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41367c30c2b67f082022-01-05 09:19:47.462root 11241100x80000000000000006860761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d900ab4d8a53d02022-01-05 09:19:47.463root 11241100x80000000000000006860762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be24a450580131ba2022-01-05 09:19:47.463root 11241100x80000000000000006860763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe21ed97453e4ddb2022-01-05 09:19:47.463root 11241100x80000000000000006860764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e7f54ba637717d2022-01-05 09:19:47.960root 11241100x80000000000000006860765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d785668c5d74bdf2022-01-05 09:19:47.960root 11241100x80000000000000006860766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf2c47643c1e44e2022-01-05 09:19:47.960root 11241100x80000000000000006860767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd310b9744da7502022-01-05 09:19:47.960root 11241100x80000000000000006860768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d381aaa1362fe7d72022-01-05 09:19:47.960root 11241100x80000000000000006860769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abd390781ee660a2022-01-05 09:19:47.960root 11241100x80000000000000006860770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e2d8c6e2611f592022-01-05 09:19:47.960root 11241100x80000000000000006860771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcf6576652967ae2022-01-05 09:19:47.961root 11241100x80000000000000006860772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8d33f15b4f4db42022-01-05 09:19:47.961root 11241100x80000000000000006860773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7384cb4b59437562022-01-05 09:19:47.961root 11241100x80000000000000006860774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b58151d6842899e2022-01-05 09:19:47.961root 11241100x80000000000000006860775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6284958fb340bc12022-01-05 09:19:47.961root 11241100x80000000000000006860776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676a17f9c123caa52022-01-05 09:19:47.961root 11241100x80000000000000006860777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bb4a6513fbec4d2022-01-05 09:19:47.961root 11241100x80000000000000006860778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d75a317c988d20c2022-01-05 09:19:47.961root 11241100x80000000000000006860779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccceb9b8d7d5f0d52022-01-05 09:19:47.961root 11241100x80000000000000006860780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06b8c833814bf852022-01-05 09:19:47.961root 11241100x80000000000000006860781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b99f3371f9f458d2022-01-05 09:19:47.961root 11241100x80000000000000006860782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5c61850819e6d72022-01-05 09:19:47.962root 11241100x80000000000000006860783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe65dbb1e44bc9ce2022-01-05 09:19:47.962root 11241100x80000000000000006860784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51709d1defdc58852022-01-05 09:19:47.962root 11241100x80000000000000006860785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59537c4a6abebcbd2022-01-05 09:19:47.962root 11241100x80000000000000006860786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503c55d206ca51f12022-01-05 09:19:47.962root 11241100x80000000000000006860787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a07a6e480cf36b2022-01-05 09:19:47.962root 11241100x80000000000000006860788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:47.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d25330a114410ec2022-01-05 09:19:47.962root 11241100x80000000000000006860789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1156b3881e2624262022-01-05 09:19:48.460root 11241100x80000000000000006860790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52acd9c78a22ade72022-01-05 09:19:48.460root 11241100x80000000000000006860791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c963246f04e831072022-01-05 09:19:48.460root 11241100x80000000000000006860792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d2b633284342502022-01-05 09:19:48.460root 11241100x80000000000000006860793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79b83d49b526c702022-01-05 09:19:48.460root 11241100x80000000000000006860794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea39c749b093bd72022-01-05 09:19:48.460root 11241100x80000000000000006860795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faecb77c02692ec42022-01-05 09:19:48.460root 11241100x80000000000000006860796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fee41f2fa9afda2022-01-05 09:19:48.460root 11241100x80000000000000006860797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbabb1051e811b892022-01-05 09:19:48.460root 11241100x80000000000000006860798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5919ee22d338492022-01-05 09:19:48.460root 11241100x80000000000000006860799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fef25830c475d12022-01-05 09:19:48.460root 11241100x80000000000000006860800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ac604608dae7df2022-01-05 09:19:48.460root 11241100x80000000000000006860801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d1f033c3ff839f2022-01-05 09:19:48.461root 11241100x80000000000000006860802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc7f2f23fb5c11f2022-01-05 09:19:48.461root 11241100x80000000000000006860803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8e6629aef4451e2022-01-05 09:19:48.461root 11241100x80000000000000006860804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa549781c0f803db2022-01-05 09:19:48.461root 11241100x80000000000000006860805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77bef0b7fba765a2022-01-05 09:19:48.461root 11241100x80000000000000006860806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628a003b778c5a2c2022-01-05 09:19:48.461root 11241100x80000000000000006860807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07d2bceaa672df32022-01-05 09:19:48.461root 11241100x80000000000000006860808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1cbd59b59d3b232022-01-05 09:19:48.461root 11241100x80000000000000006860809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91796126efba4f422022-01-05 09:19:48.461root 11241100x80000000000000006860810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da00c44d0a3352d2022-01-05 09:19:48.461root 11241100x80000000000000006860811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85760db9e63118f62022-01-05 09:19:48.461root 11241100x80000000000000006860812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d77ca84a9afab3e2022-01-05 09:19:48.461root 11241100x80000000000000006860813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a545d6467e5813442022-01-05 09:19:48.461root 11241100x80000000000000006860814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d908f36089ce5d2022-01-05 09:19:48.461root 11241100x80000000000000006860815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04abc65e6f475e5d2022-01-05 09:19:48.461root 11241100x80000000000000006860816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2448af0e8612e202022-01-05 09:19:48.462root 11241100x80000000000000006860817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a02d7cfea08ac8d2022-01-05 09:19:48.462root 11241100x80000000000000006860818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2831109756631e1a2022-01-05 09:19:48.462root 11241100x80000000000000006860819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0531e731519e842022-01-05 09:19:48.462root 11241100x80000000000000006860820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fce8f6042ca08b92022-01-05 09:19:48.462root 11241100x80000000000000006860821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde21a6993115b382022-01-05 09:19:48.462root 11241100x80000000000000006860822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15ef427553e34b92022-01-05 09:19:48.462root 11241100x80000000000000006860823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fcc24509ccd3bf2022-01-05 09:19:48.462root 11241100x80000000000000006860824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d46861d3969e8d2022-01-05 09:19:48.462root 11241100x80000000000000006860825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dec8cff7959c2602022-01-05 09:19:48.462root 11241100x80000000000000006860826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e775efc8e5125e32022-01-05 09:19:48.462root 11241100x80000000000000006860827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361b286db652cc212022-01-05 09:19:48.960root 11241100x80000000000000006860828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e0fa1c18e0b2b22022-01-05 09:19:48.960root 11241100x80000000000000006860829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64af9198be22c2052022-01-05 09:19:48.960root 11241100x80000000000000006860830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd9dc6a16ba1c3e2022-01-05 09:19:48.960root 11241100x80000000000000006860831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4646c77db71f792022-01-05 09:19:48.960root 11241100x80000000000000006860832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e37df565c043582022-01-05 09:19:48.960root 11241100x80000000000000006860833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25d93b2c8cbd9892022-01-05 09:19:48.960root 11241100x80000000000000006860834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f366232b9e15272022-01-05 09:19:48.960root 11241100x80000000000000006860835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e716cc7f3882ee2022-01-05 09:19:48.960root 11241100x80000000000000006860836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a855d4d7658eb55b2022-01-05 09:19:48.960root 11241100x80000000000000006860837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40b8fde67cafcfc2022-01-05 09:19:48.961root 11241100x80000000000000006860838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e63a0d96b611822022-01-05 09:19:48.961root 11241100x80000000000000006860839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b8450257f9e4352022-01-05 09:19:48.961root 11241100x80000000000000006860840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a254e096c59fd92022-01-05 09:19:48.961root 11241100x80000000000000006860841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40996911f08b89b52022-01-05 09:19:48.961root 11241100x80000000000000006860842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f337d3ee96a5f62022-01-05 09:19:48.961root 11241100x80000000000000006860843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfb3751c202b1732022-01-05 09:19:48.961root 11241100x80000000000000006860844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962d9a1813932f852022-01-05 09:19:48.961root 11241100x80000000000000006860845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79488a235a5db54b2022-01-05 09:19:48.961root 11241100x80000000000000006860846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b987527e80aaea6e2022-01-05 09:19:48.961root 11241100x80000000000000006860847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659e56f443bf2e672022-01-05 09:19:48.961root 11241100x80000000000000006860848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89d4aa70224707c2022-01-05 09:19:48.961root 11241100x80000000000000006860849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51859c1854a307ee2022-01-05 09:19:48.961root 11241100x80000000000000006860850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291be65f2ecc79802022-01-05 09:19:48.961root 11241100x80000000000000006860851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:48.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a8f44219e778752022-01-05 09:19:48.962root 11241100x80000000000000006860852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edae1e27001f57c2022-01-05 09:19:49.459root 11241100x80000000000000006860853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46b1d0a30027ad32022-01-05 09:19:49.459root 11241100x80000000000000006860854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b703b7edae9459b72022-01-05 09:19:49.459root 11241100x80000000000000006860855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a393c906f49c1e0e2022-01-05 09:19:49.459root 11241100x80000000000000006860856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c84390f5e9405ac2022-01-05 09:19:49.459root 11241100x80000000000000006860857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db790cc80822ae62022-01-05 09:19:49.459root 11241100x80000000000000006860858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11c8e4b6dfd910b2022-01-05 09:19:49.460root 11241100x80000000000000006860859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f23aaa0e60e3b92022-01-05 09:19:49.460root 11241100x80000000000000006860860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d4b0236dab433b2022-01-05 09:19:49.460root 11241100x80000000000000006860861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db5c6335d97f2332022-01-05 09:19:49.460root 11241100x80000000000000006860862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bfe734db7685272022-01-05 09:19:49.460root 11241100x80000000000000006860863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f72970a2311ecc2022-01-05 09:19:49.460root 11241100x80000000000000006860864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8e669adca8bb1c2022-01-05 09:19:49.460root 11241100x80000000000000006860865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293f1e78acaabe7e2022-01-05 09:19:49.460root 11241100x80000000000000006860866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96c8028bf1482bf2022-01-05 09:19:49.460root 11241100x80000000000000006860867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44cc7134bb3c3b42022-01-05 09:19:49.460root 11241100x80000000000000006860868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40995e3631382b82022-01-05 09:19:49.460root 11241100x80000000000000006860869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488ea89707fdc7c42022-01-05 09:19:49.460root 11241100x80000000000000006860870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21741a24ee2a2572022-01-05 09:19:49.460root 11241100x80000000000000006860871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851536f9c0c48f1a2022-01-05 09:19:49.461root 11241100x80000000000000006860872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6805e4ae5afa69472022-01-05 09:19:49.461root 11241100x80000000000000006860873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7293f644df745f2022-01-05 09:19:49.461root 11241100x80000000000000006860874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed13c479abed0072022-01-05 09:19:49.461root 11241100x80000000000000006860875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f37213e87221d92022-01-05 09:19:49.461root 11241100x80000000000000006860876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76f7c2e2b28a00d2022-01-05 09:19:49.461root 11241100x80000000000000006860877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d506ba3b45326b2022-01-05 09:19:49.461root 11241100x80000000000000006860878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18318081a1d71b82022-01-05 09:19:49.461root 11241100x80000000000000006860879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3031418aedceddea2022-01-05 09:19:49.461root 11241100x80000000000000006860880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb11922ac7099fd2022-01-05 09:19:49.461root 11241100x80000000000000006860881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50085708e92986af2022-01-05 09:19:49.461root 11241100x80000000000000006860882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fe93056c6a1a482022-01-05 09:19:49.461root 11241100x80000000000000006860883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46ef4198f1edab72022-01-05 09:19:49.461root 11241100x80000000000000006860884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19825e3e4bd5c712022-01-05 09:19:49.461root 11241100x80000000000000006860885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9300a46e54fb4d2d2022-01-05 09:19:49.462root 11241100x80000000000000006860886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5a39607565eb592022-01-05 09:19:49.462root 11241100x80000000000000006860887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27e4deb516c2f852022-01-05 09:19:49.462root 11241100x80000000000000006860888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcfba289918c8eb2022-01-05 09:19:49.960root 11241100x80000000000000006860889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db2f81b197a40092022-01-05 09:19:49.960root 11241100x80000000000000006860890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830bab7c7d8a5af12022-01-05 09:19:49.960root 11241100x80000000000000006860891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5d7c65e240046d2022-01-05 09:19:49.960root 11241100x80000000000000006860892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506cb06136b6c7a62022-01-05 09:19:49.960root 11241100x80000000000000006860893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664fbc9b33553c362022-01-05 09:19:49.960root 11241100x80000000000000006860894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdb524f5744d9b92022-01-05 09:19:49.960root 11241100x80000000000000006860895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4205a301e65c7b92022-01-05 09:19:49.960root 11241100x80000000000000006860896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31826a3565da9be62022-01-05 09:19:49.960root 11241100x80000000000000006860897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d16619ec11d17f2022-01-05 09:19:49.960root 11241100x80000000000000006860898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f048cf9bd71e6d2022-01-05 09:19:49.961root 11241100x80000000000000006860899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2415f6c26973642022-01-05 09:19:49.961root 11241100x80000000000000006860900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afdb561b98e3d182022-01-05 09:19:49.961root 11241100x80000000000000006860901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a97a01c799296d2022-01-05 09:19:49.961root 11241100x80000000000000006860902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd6816d767788232022-01-05 09:19:49.961root 11241100x80000000000000006860903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000062ac39fe406b2022-01-05 09:19:49.961root 11241100x80000000000000006860904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48b80c217424c1e2022-01-05 09:19:49.961root 11241100x80000000000000006860905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b50288cdd0b68e2022-01-05 09:19:49.961root 11241100x80000000000000006860906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f107c794fe03b962022-01-05 09:19:49.961root 11241100x80000000000000006860907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2b7b9028c947882022-01-05 09:19:49.961root 11241100x80000000000000006860908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18241611eba4dfe92022-01-05 09:19:49.961root 11241100x80000000000000006860909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293bfb922c32dd1e2022-01-05 09:19:49.961root 11241100x80000000000000006860910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5354f3e8acb4f1592022-01-05 09:19:49.961root 11241100x80000000000000006860911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfb5c3dc81ba7772022-01-05 09:19:49.962root 11241100x80000000000000006860912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:49.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2f0b8b046119e92022-01-05 09:19:49.963root 11241100x80000000000000006860913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2912d193d554d1fc2022-01-05 09:19:50.459root 11241100x80000000000000006860914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f11b99cac58e05e2022-01-05 09:19:50.459root 11241100x80000000000000006860915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad264695b9f53dc2022-01-05 09:19:50.460root 11241100x80000000000000006860916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c067411d324d2cc2022-01-05 09:19:50.460root 11241100x80000000000000006860917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5c0db04ff522672022-01-05 09:19:50.460root 11241100x80000000000000006860918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743f977390e18fef2022-01-05 09:19:50.460root 11241100x80000000000000006860919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb099e26ca1e3c52022-01-05 09:19:50.460root 11241100x80000000000000006860920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2279b822ba3c70d2022-01-05 09:19:50.460root 11241100x80000000000000006860921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad572c7f9a5608d2022-01-05 09:19:50.461root 11241100x80000000000000006860922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90b7805c1652a422022-01-05 09:19:50.461root 11241100x80000000000000006860923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308636847bf5c4f02022-01-05 09:19:50.461root 11241100x80000000000000006860924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d320ec014b39a292022-01-05 09:19:50.461root 11241100x80000000000000006860925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f404591099dfd12022-01-05 09:19:50.461root 11241100x80000000000000006860926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901d1b34645ac1252022-01-05 09:19:50.461root 11241100x80000000000000006860927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b603eb220942e572022-01-05 09:19:50.462root 11241100x80000000000000006860928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349d6a2079b75b772022-01-05 09:19:50.462root 11241100x80000000000000006860929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1b97f9bde2d4bd2022-01-05 09:19:50.462root 11241100x80000000000000006860930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109bcd02500fc3df2022-01-05 09:19:50.462root 11241100x80000000000000006860931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831b8a66bba6eea32022-01-05 09:19:50.462root 11241100x80000000000000006860932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4113e4d9bbdb5f2022-01-05 09:19:50.462root 11241100x80000000000000006860933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712e1ca49949ef2e2022-01-05 09:19:50.463root 11241100x80000000000000006860934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824d5188236b441e2022-01-05 09:19:50.463root 11241100x80000000000000006860935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2291e0871d66385c2022-01-05 09:19:50.463root 11241100x80000000000000006860936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6f7284c5a19cb02022-01-05 09:19:50.463root 11241100x80000000000000006860937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d57d5a3e317d9e2022-01-05 09:19:50.463root 11241100x80000000000000006860938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b1d1b2a87317d42022-01-05 09:19:50.463root 11241100x80000000000000006860939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a8943fc06646d22022-01-05 09:19:50.463root 11241100x80000000000000006860940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f3e309b2771e732022-01-05 09:19:50.463root 11241100x80000000000000006860941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0538e9a4d96027c82022-01-05 09:19:50.463root 11241100x80000000000000006860942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee335f67b1f6d1c2022-01-05 09:19:50.959root 11241100x80000000000000006860943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7459d143bed1d642022-01-05 09:19:50.959root 11241100x80000000000000006860944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f898632e6c5c5492022-01-05 09:19:50.959root 11241100x80000000000000006860945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e501293507af852a2022-01-05 09:19:50.960root 11241100x80000000000000006860946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103abc6fe152a71f2022-01-05 09:19:50.960root 11241100x80000000000000006860947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69877ec0eaf72aa12022-01-05 09:19:50.960root 11241100x80000000000000006860948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a5112b694d4c612022-01-05 09:19:50.960root 11241100x80000000000000006860949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73292d4b9b7441e92022-01-05 09:19:50.960root 11241100x80000000000000006860950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ec75f1804651782022-01-05 09:19:50.960root 11241100x80000000000000006860951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876179dcf69b7fbd2022-01-05 09:19:50.960root 11241100x80000000000000006860952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66bacabd2d0f0092022-01-05 09:19:50.960root 11241100x80000000000000006860953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ee8179fdb56eb32022-01-05 09:19:50.960root 11241100x80000000000000006860954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7282f04a1f1d5312022-01-05 09:19:50.960root 11241100x80000000000000006860955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2ca7b51bcacc412022-01-05 09:19:50.961root 11241100x80000000000000006860956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bea891a59bebb672022-01-05 09:19:50.961root 11241100x80000000000000006860957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39873f4dc9602982022-01-05 09:19:50.961root 11241100x80000000000000006860958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248432a3bdfb2cc32022-01-05 09:19:50.961root 11241100x80000000000000006860959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39987766c632a73c2022-01-05 09:19:50.961root 11241100x80000000000000006860960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39bad386ab6e26d2022-01-05 09:19:50.961root 11241100x80000000000000006860961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852b600ace692b382022-01-05 09:19:50.961root 11241100x80000000000000006860962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07a4eeaefbb77222022-01-05 09:19:50.961root 11241100x80000000000000006860963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791b255e38644b7d2022-01-05 09:19:50.961root 11241100x80000000000000006860964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7671a4e04ea94f9a2022-01-05 09:19:50.961root 11241100x80000000000000006860965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fb99441f26b9402022-01-05 09:19:50.961root 11241100x80000000000000006860966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bd09c250349f4a2022-01-05 09:19:50.962root 11241100x80000000000000006860967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c4a8d29df61e7b2022-01-05 09:19:50.962root 11241100x80000000000000006860968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d17f037449d32b2022-01-05 09:19:50.962root 11241100x80000000000000006860969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d6bbc8866f8e682022-01-05 09:19:50.963root 11241100x80000000000000006860970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:50.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ebd071eaa909c62022-01-05 09:19:50.963root 354300x80000000000000006860971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.158{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40684-false10.0.1.12-8000- 11241100x80000000000000006860972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b07dcb947e9f1662022-01-05 09:19:51.459root 11241100x80000000000000006860973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c0c414e095d5f52022-01-05 09:19:51.460root 11241100x80000000000000006860974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4793bec6736922a02022-01-05 09:19:51.460root 11241100x80000000000000006860975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13608f19be7b5af2022-01-05 09:19:51.460root 11241100x80000000000000006860976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8628894aaeeebbc2022-01-05 09:19:51.460root 11241100x80000000000000006860977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcc1750f44f61542022-01-05 09:19:51.460root 11241100x80000000000000006860978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f50fd310a2fbcb2022-01-05 09:19:51.460root 11241100x80000000000000006860979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589496275c1820e82022-01-05 09:19:51.460root 11241100x80000000000000006860980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af516dada6943ba12022-01-05 09:19:51.460root 11241100x80000000000000006860981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70661ff06f00b2a02022-01-05 09:19:51.460root 11241100x80000000000000006860982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba7974d94742c4d2022-01-05 09:19:51.460root 11241100x80000000000000006860983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c716292868adbd5c2022-01-05 09:19:51.460root 11241100x80000000000000006860984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d5d54e186f248b2022-01-05 09:19:51.460root 11241100x80000000000000006860985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddc7254e8c888c72022-01-05 09:19:51.461root 11241100x80000000000000006860986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e303707f7aa32e2022-01-05 09:19:51.461root 11241100x80000000000000006860987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241a5152d1c64f792022-01-05 09:19:51.461root 11241100x80000000000000006860988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bdcbd6cd126a192022-01-05 09:19:51.461root 11241100x80000000000000006860989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b142b51ba52d6502022-01-05 09:19:51.461root 11241100x80000000000000006860990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6497843bccda482022-01-05 09:19:51.461root 11241100x80000000000000006860991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660bf84f46a74bb42022-01-05 09:19:51.461root 11241100x80000000000000006860992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fbd7a298e94def2022-01-05 09:19:51.461root 11241100x80000000000000006860993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb9334d122c338f2022-01-05 09:19:51.461root 11241100x80000000000000006860994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bd38be82a03a1a2022-01-05 09:19:51.461root 11241100x80000000000000006860995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524ae0c4d95f69362022-01-05 09:19:51.461root 11241100x80000000000000006860996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bab9319e9876372022-01-05 09:19:51.462root 11241100x80000000000000006860997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:19:51.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2463c609716f2b52022-01-05 09:19:51.462root 354300x80000000000000006861026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:02.205{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40688-false10.0.1.12-8000- 23542300x80000000000000006861027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:02.403{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006861028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:02.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02375327510005bb2022-01-05 09:20:02.459root 11241100x80000000000000006861029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:02.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eaedd998ee735a92022-01-05 09:20:02.459root 11241100x80000000000000006861030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:02.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c304759e20baa1212022-01-05 09:20:02.959root 11241100x80000000000000006861031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:02.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a045bc23e6c456f42022-01-05 09:20:02.959root 11241100x80000000000000006861032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:03.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a0d700f59e90c62022-01-05 09:20:03.459root 11241100x80000000000000006861033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:03.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387395cb73653abe2022-01-05 09:20:03.459root 11241100x80000000000000006861034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:03.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29fa106815e8dd62022-01-05 09:20:03.959root 11241100x80000000000000006861035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:03.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e317cbfd7f17a832022-01-05 09:20:03.959root 11241100x80000000000000006861036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:04.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd8fa22db7ff9bb2022-01-05 09:20:04.459root 11241100x80000000000000006861037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:04.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e57b757e2fbb2662022-01-05 09:20:04.459root 11241100x80000000000000006861038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:04.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be25512417f42be2022-01-05 09:20:04.959root 11241100x80000000000000006861039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:04.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fc849e84f8f08d2022-01-05 09:20:04.959root 11241100x80000000000000006861040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31124f59eac236f92022-01-05 09:20:05.459root 11241100x80000000000000006861041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec523f668fe6fa32022-01-05 09:20:05.459root 154100x80000000000000006861042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:05.794{ec2e79f3-62c5-61d5-6804-2b064c560000}22922/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 11241100x80000000000000006861043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:05.795{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80932304a0530ef2022-01-05 09:20:05.795root 11241100x80000000000000006861044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:05.795{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9744dce85ba6b32022-01-05 09:20:05.795root 534500x80000000000000006861045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:05.819{ec2e79f3-62c5-61d5-6804-2b064c560000}22922/bin/psroot 11241100x80000000000000006861046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:06.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41effd2911d60e62022-01-05 09:20:06.209root 11241100x80000000000000006861047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:06.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8af1694b0d2e6e42022-01-05 09:20:06.209root 11241100x80000000000000006861048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:06.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7a7e4b72e18b182022-01-05 09:20:06.209root 11241100x80000000000000006861049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:06.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152a977eaba961622022-01-05 09:20:06.209root 11241100x80000000000000006861050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:06.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726046ebc846b61a2022-01-05 09:20:06.709root 11241100x80000000000000006861051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:06.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabc6a38893517cd2022-01-05 09:20:06.709root 11241100x80000000000000006861052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:06.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b390465184c7eca92022-01-05 09:20:06.709root 11241100x80000000000000006861053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:06.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a49d686fa86b81cc2022-01-05 09:20:06.709root 11241100x80000000000000006861054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc4cce4083b5a362022-01-05 09:20:07.209root 11241100x80000000000000006861055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0b1db8818e4ecd2022-01-05 09:20:07.209root 11241100x80000000000000006861056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3505887473135f8a2022-01-05 09:20:07.209root 11241100x80000000000000006861057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f3180cc9b46b102022-01-05 09:20:07.209root 11241100x80000000000000006861058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420d6eafbae578ca2022-01-05 09:20:07.709root 11241100x80000000000000006861059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca9704577168b6a2022-01-05 09:20:07.709root 11241100x80000000000000006861060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fa834eb70905122022-01-05 09:20:07.709root 11241100x80000000000000006861061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb9ac0cfa1f3aab2022-01-05 09:20:07.709root 354300x80000000000000006861062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.008{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40690-false10.0.1.12-8000- 11241100x80000000000000006861063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.008{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55e370f24d240f82022-01-05 09:20:08.008root 11241100x80000000000000006861064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.009{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08f47c4489b029b2022-01-05 09:20:08.009root 11241100x80000000000000006861065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.009{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657eb6f3f52f38362022-01-05 09:20:08.009root 11241100x80000000000000006861066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.009{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a644203cd313d9f82022-01-05 09:20:08.009root 11241100x80000000000000006861067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.009{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04eb901e2729f862022-01-05 09:20:08.009root 11241100x80000000000000006861068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93310205c620b2252022-01-05 09:20:08.459root 11241100x80000000000000006861069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4b3d6096c5d2542022-01-05 09:20:08.459root 11241100x80000000000000006861070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d168418352dacc2022-01-05 09:20:08.459root 11241100x80000000000000006861071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75441dcbe70d35082022-01-05 09:20:08.459root 11241100x80000000000000006861072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1c9f791344562f2022-01-05 09:20:08.459root 11241100x80000000000000006861073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b259feaee273b1762022-01-05 09:20:08.959root 11241100x80000000000000006861074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34bbde515b5639912022-01-05 09:20:08.959root 11241100x80000000000000006861075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5f2b7638364a9b2022-01-05 09:20:08.959root 11241100x80000000000000006861076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716578f19644cbc82022-01-05 09:20:08.959root 11241100x80000000000000006861077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c750ce5b065ab272022-01-05 09:20:08.959root 11241100x80000000000000006861078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c49c60d04024ea2022-01-05 09:20:09.459root 11241100x80000000000000006861079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af3637eb03bb0d32022-01-05 09:20:09.459root 11241100x80000000000000006861080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040c3ffbccfaa10b2022-01-05 09:20:09.459root 11241100x80000000000000006861081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99a942bdad983fa2022-01-05 09:20:09.459root 11241100x80000000000000006861082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bee06420fe53102022-01-05 09:20:09.459root 11241100x80000000000000006861083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bbe7d9bbe9c6c12022-01-05 09:20:09.959root 11241100x80000000000000006861084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73102b4b6fd37c3b2022-01-05 09:20:09.959root 11241100x80000000000000006861085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f338aacb21455bd2022-01-05 09:20:09.959root 11241100x80000000000000006861086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27c75cf94ad1a2b2022-01-05 09:20:09.959root 11241100x80000000000000006861087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6776bb6c487c3ba2022-01-05 09:20:09.960root 11241100x80000000000000006861088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b92be7792f158692022-01-05 09:20:10.459root 11241100x80000000000000006861089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90585dde1b143d002022-01-05 09:20:10.459root 11241100x80000000000000006861090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2237425a6789656d2022-01-05 09:20:10.459root 11241100x80000000000000006861091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b42f286365346e2022-01-05 09:20:10.459root 11241100x80000000000000006861092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c83c6cffd6124022022-01-05 09:20:10.460root 11241100x80000000000000006861093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a133929242c05ab2022-01-05 09:20:10.959root 11241100x80000000000000006861094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcb78afca4bd37d2022-01-05 09:20:10.959root 11241100x80000000000000006861095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502ef3957013e0552022-01-05 09:20:10.959root 11241100x80000000000000006861096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1710c650b81cd37c2022-01-05 09:20:10.959root 11241100x80000000000000006861097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8d6bc93adee5102022-01-05 09:20:10.959root 11241100x80000000000000006861098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d75cc0c0b8cf4f2022-01-05 09:20:11.459root 11241100x80000000000000006861099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc731cb65cbaf2e2022-01-05 09:20:11.459root 11241100x80000000000000006861100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3c022ca1b2a2802022-01-05 09:20:11.459root 11241100x80000000000000006861101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dc8c2fba7fff222022-01-05 09:20:11.459root 11241100x80000000000000006861102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5a488d0e2ca8fb2022-01-05 09:20:11.459root 11241100x80000000000000006861103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99884d10909535152022-01-05 09:20:11.959root 11241100x80000000000000006861104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48d1a3f00a9b2422022-01-05 09:20:11.959root 11241100x80000000000000006861105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7837c33a8d23a32022-01-05 09:20:11.959root 11241100x80000000000000006861106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7372074b8b8687b02022-01-05 09:20:11.959root 11241100x80000000000000006861107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578858da2516d33b2022-01-05 09:20:11.960root 11241100x80000000000000006861108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae096150804bcca2022-01-05 09:20:12.459root 11241100x80000000000000006861109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999284e5051ffebd2022-01-05 09:20:12.459root 11241100x80000000000000006861110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff1d34b45a45a1d2022-01-05 09:20:12.459root 11241100x80000000000000006861111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c99d044e188bb52022-01-05 09:20:12.459root 11241100x80000000000000006861112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410c7e2c3bb7c0332022-01-05 09:20:12.459root 11241100x80000000000000006861113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52525d25ded67cf32022-01-05 09:20:12.959root 11241100x80000000000000006861114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84ce900258ad7972022-01-05 09:20:12.959root 11241100x80000000000000006861115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedc70e7370bc2a42022-01-05 09:20:12.959root 11241100x80000000000000006861116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7225461ca355e62022-01-05 09:20:12.959root 11241100x80000000000000006861117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b997c674d34fd05b2022-01-05 09:20:12.959root 354300x80000000000000006861118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.177{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40692-false10.0.1.12-8000- 11241100x80000000000000006861119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dc2e0922113bc22022-01-05 09:20:13.459root 11241100x80000000000000006861120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f5bf7a299f66f22022-01-05 09:20:13.459root 11241100x80000000000000006861121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eddf32d8f38ce532022-01-05 09:20:13.459root 11241100x80000000000000006861122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14b4f868e25677f2022-01-05 09:20:13.459root 11241100x80000000000000006861123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f00d1e9707216bd2022-01-05 09:20:13.460root 11241100x80000000000000006861124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d79b34ffabe34db2022-01-05 09:20:13.460root 11241100x80000000000000006861125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c70a729dbd2ed0f2022-01-05 09:20:13.959root 11241100x80000000000000006861126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87278e0568f8705f2022-01-05 09:20:13.959root 11241100x80000000000000006861127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e634bfd054852f0e2022-01-05 09:20:13.959root 11241100x80000000000000006861128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b157e1f65b8166b02022-01-05 09:20:13.960root 11241100x80000000000000006861129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d751c0bd99869d32022-01-05 09:20:13.960root 11241100x80000000000000006861130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d020623b804a172022-01-05 09:20:13.960root 534500x80000000000000006861131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:13.985{ec2e79f3-af45-61d2-c81a-c448f1550000}466/lib/systemd/systemd-journaldroot 11241100x80000000000000006861132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6301badc89362c712022-01-05 09:20:14.459root 11241100x80000000000000006861133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1542c9f3838bf92022-01-05 09:20:14.459root 11241100x80000000000000006861134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666b91791dc0ea762022-01-05 09:20:14.459root 11241100x80000000000000006861135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e97d10913d82022022-01-05 09:20:14.459root 11241100x80000000000000006861136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6c764b3c72a70c2022-01-05 09:20:14.459root 11241100x80000000000000006861137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19df25a986da99742022-01-05 09:20:14.459root 11241100x80000000000000006861138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e82f05fe3bb0462022-01-05 09:20:14.460root 11241100x80000000000000006861139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c56e6b9151c9fb2022-01-05 09:20:14.959root 11241100x80000000000000006861140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd19758796e0b39d2022-01-05 09:20:14.959root 11241100x80000000000000006861141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f47146d65343782022-01-05 09:20:14.959root 11241100x80000000000000006861142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a617497e32a1442022-01-05 09:20:14.959root 11241100x80000000000000006861143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a0acba08af13fb2022-01-05 09:20:14.959root 11241100x80000000000000006861144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456f4ae7ba1a20342022-01-05 09:20:14.959root 11241100x80000000000000006861145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80c03f0d55b989e2022-01-05 09:20:14.960root 11241100x80000000000000006861146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4004c8b60e0385fc2022-01-05 09:20:15.459root 11241100x80000000000000006861147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c25858283649332022-01-05 09:20:15.459root 11241100x80000000000000006861148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc132c2ee9b98852022-01-05 09:20:15.459root 11241100x80000000000000006861149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752e08b410aa43c02022-01-05 09:20:15.459root 11241100x80000000000000006861150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a8245c31f3f6202022-01-05 09:20:15.459root 11241100x80000000000000006861151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c417602def08af952022-01-05 09:20:15.459root 11241100x80000000000000006861152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c61100830f370d2022-01-05 09:20:15.460root 11241100x80000000000000006861153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d56777ac5951942022-01-05 09:20:15.959root 11241100x80000000000000006861154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c82ec76b458aa522022-01-05 09:20:15.959root 11241100x80000000000000006861155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f3f7f43416293b2022-01-05 09:20:15.959root 11241100x80000000000000006861156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259f3fe444ee78df2022-01-05 09:20:15.960root 11241100x80000000000000006861157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892f565765488efa2022-01-05 09:20:15.960root 11241100x80000000000000006861158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c3aaac3cf044a82022-01-05 09:20:15.960root 11241100x80000000000000006861159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52e86911eff79e42022-01-05 09:20:15.960root 11241100x80000000000000006861160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9663a369979dbf7f2022-01-05 09:20:16.459root 11241100x80000000000000006861161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca53a76b4f5c460e2022-01-05 09:20:16.459root 11241100x80000000000000006861162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca1168eb10794182022-01-05 09:20:16.459root 11241100x80000000000000006861163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37570a37db7bc29a2022-01-05 09:20:16.459root 11241100x80000000000000006861164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4ba81a85253ce32022-01-05 09:20:16.459root 11241100x80000000000000006861165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8498260bcbb220332022-01-05 09:20:16.459root 11241100x80000000000000006861166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3808c3d0bb5eb15a2022-01-05 09:20:16.460root 11241100x80000000000000006861167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f18583bc77a2a02022-01-05 09:20:16.959root 11241100x80000000000000006861168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f8d44042f65bbb2022-01-05 09:20:16.959root 11241100x80000000000000006861169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20e19b26a3a73552022-01-05 09:20:16.959root 11241100x80000000000000006861170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411e8065a326e1532022-01-05 09:20:16.959root 11241100x80000000000000006861171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5485ebb85ed231a02022-01-05 09:20:16.959root 11241100x80000000000000006861172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b43d0772b3e7712022-01-05 09:20:16.960root 11241100x80000000000000006861173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37cdad1c32598ea2022-01-05 09:20:16.960root 11241100x80000000000000006861174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d90594a7056fbac2022-01-05 09:20:17.459root 11241100x80000000000000006861175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f87241a1f4a9dc2022-01-05 09:20:17.459root 11241100x80000000000000006861176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f117f8844e7ff49f2022-01-05 09:20:17.459root 11241100x80000000000000006861177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18130c580c1e9c82022-01-05 09:20:17.459root 11241100x80000000000000006861178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85506c57e7c826b52022-01-05 09:20:17.459root 11241100x80000000000000006861179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5ba3b38b4cb8d22022-01-05 09:20:17.459root 11241100x80000000000000006861180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c30dd4262759deb2022-01-05 09:20:17.460root 11241100x80000000000000006861181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e235fe054c59258b2022-01-05 09:20:17.959root 11241100x80000000000000006861182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24d7c8b5faa87412022-01-05 09:20:17.959root 11241100x80000000000000006861183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5322181954e4cd2022-01-05 09:20:17.959root 11241100x80000000000000006861184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b37b440c7780ec2022-01-05 09:20:17.959root 11241100x80000000000000006861185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4187f768bcbdda72022-01-05 09:20:17.960root 11241100x80000000000000006861186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0646a178c4c6b0d2022-01-05 09:20:17.960root 11241100x80000000000000006861187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75bc71fe411ca1d2022-01-05 09:20:17.960root 354300x80000000000000006861188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.200{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40694-false10.0.1.12-8000- 11241100x80000000000000006861189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d1aaf6ae04fa0f2022-01-05 09:20:18.459root 11241100x80000000000000006861190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c4ccf7d5aee89d2022-01-05 09:20:18.459root 11241100x80000000000000006861191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c71b8819ce324b82022-01-05 09:20:18.460root 11241100x80000000000000006861192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6dfdd04e5a7499f2022-01-05 09:20:18.460root 11241100x80000000000000006861193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736a8326f13831622022-01-05 09:20:18.460root 11241100x80000000000000006861194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7bea3ee81a2c632022-01-05 09:20:18.460root 11241100x80000000000000006861195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9898b470ad51cfb2022-01-05 09:20:18.460root 11241100x80000000000000006861196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbeefe99b2a2a7a2022-01-05 09:20:18.460root 11241100x80000000000000006861197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4352599bd22d87972022-01-05 09:20:18.959root 11241100x80000000000000006861198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad227607707c1afb2022-01-05 09:20:18.959root 11241100x80000000000000006861199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f67eef53baa5d82022-01-05 09:20:18.960root 11241100x80000000000000006861200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a5b7bfeb325b712022-01-05 09:20:18.960root 11241100x80000000000000006861201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c90e904a703babc2022-01-05 09:20:18.960root 11241100x80000000000000006861202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f17b5736f9ffa1e2022-01-05 09:20:18.960root 11241100x80000000000000006861203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021b38567c70bd682022-01-05 09:20:18.960root 11241100x80000000000000006861204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2364d92f1c641e2022-01-05 09:20:18.961root 11241100x80000000000000006861205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7402e645e474152022-01-05 09:20:19.459root 11241100x80000000000000006861206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621d593ce593ee742022-01-05 09:20:19.459root 11241100x80000000000000006861207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c8effe42a70f002022-01-05 09:20:19.459root 11241100x80000000000000006861208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c09461b38a54eb2022-01-05 09:20:19.459root 11241100x80000000000000006861209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d20a43ff7ee57202022-01-05 09:20:19.460root 11241100x80000000000000006861210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835b2fa096da71f52022-01-05 09:20:19.460root 11241100x80000000000000006861211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2940b0f15876090c2022-01-05 09:20:19.460root 11241100x80000000000000006861212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4ca056dacf08022022-01-05 09:20:19.460root 11241100x80000000000000006861213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26118ed7d71e6c532022-01-05 09:20:19.959root 11241100x80000000000000006861214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2886e8b82469502022-01-05 09:20:19.959root 11241100x80000000000000006861215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf1a3be6f68fe402022-01-05 09:20:19.960root 11241100x80000000000000006861216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c553c43a57dcd0432022-01-05 09:20:19.960root 11241100x80000000000000006861217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d311d2cbb114532022-01-05 09:20:19.960root 11241100x80000000000000006861218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccf60da0ee51aca2022-01-05 09:20:19.960root 11241100x80000000000000006861219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbc09cefd14d9322022-01-05 09:20:19.960root 11241100x80000000000000006861220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbb1ccc9dc9f7a52022-01-05 09:20:19.960root 11241100x80000000000000006861221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18eaca10a2e7eb342022-01-05 09:20:20.459root 11241100x80000000000000006861222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95df4575f8a7c5b62022-01-05 09:20:20.459root 11241100x80000000000000006861223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a95c5499768c26f2022-01-05 09:20:20.459root 11241100x80000000000000006861224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d4b3ec5308845d2022-01-05 09:20:20.459root 11241100x80000000000000006861225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecf59f607ea30c32022-01-05 09:20:20.460root 11241100x80000000000000006861226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebb7a758fd323192022-01-05 09:20:20.460root 11241100x80000000000000006861227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37bde3b326da14a2022-01-05 09:20:20.460root 11241100x80000000000000006861228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e3f2f352cc1d4a2022-01-05 09:20:20.460root 11241100x80000000000000006861229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92407e063fa3f5e32022-01-05 09:20:20.959root 11241100x80000000000000006861230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d8ba2322069ad52022-01-05 09:20:20.959root 11241100x80000000000000006861231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f294e5c827aba27d2022-01-05 09:20:20.960root 11241100x80000000000000006861232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28a16e954d8c8322022-01-05 09:20:20.960root 11241100x80000000000000006861233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9023ec1b69a3086b2022-01-05 09:20:20.960root 11241100x80000000000000006861234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bad8c7b2e95ee62022-01-05 09:20:20.960root 11241100x80000000000000006861235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb99f05aacc55bf2022-01-05 09:20:20.960root 11241100x80000000000000006861236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a50888cce83c472022-01-05 09:20:20.960root 11241100x80000000000000006861237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777bad539a64e67f2022-01-05 09:20:21.459root 11241100x80000000000000006861238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfb072c13af79be2022-01-05 09:20:21.459root 11241100x80000000000000006861239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff78f63e7464a6292022-01-05 09:20:21.459root 11241100x80000000000000006861240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9a6f85ff98d3582022-01-05 09:20:21.459root 11241100x80000000000000006861241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4df921644eebaf82022-01-05 09:20:21.460root 11241100x80000000000000006861242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b000d7dc74f8dbe62022-01-05 09:20:21.460root 11241100x80000000000000006861243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b524b5b0667f0372022-01-05 09:20:21.460root 11241100x80000000000000006861244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c538bbff98bcff1a2022-01-05 09:20:21.460root 11241100x80000000000000006861245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9543207e90d6b5d52022-01-05 09:20:21.959root 11241100x80000000000000006861246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5a0bb0e078af042022-01-05 09:20:21.959root 11241100x80000000000000006861247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee0c8064e5a69f42022-01-05 09:20:21.959root 11241100x80000000000000006861248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10eeda6ba47fbb3a2022-01-05 09:20:21.959root 11241100x80000000000000006861249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408d7d60e18f5dfe2022-01-05 09:20:21.960root 11241100x80000000000000006861250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ffda0c6ec25f202022-01-05 09:20:21.960root 11241100x80000000000000006861251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98ba34e9fcfa1aa2022-01-05 09:20:21.960root 11241100x80000000000000006861252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02fa16cbeb23cdc2022-01-05 09:20:21.960root 11241100x80000000000000006861253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43fe25743cc7a842022-01-05 09:20:22.459root 11241100x80000000000000006861254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4711afe37e6e5d72022-01-05 09:20:22.460root 11241100x80000000000000006861255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a125bce9f5f2b4fd2022-01-05 09:20:22.460root 11241100x80000000000000006861256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39465db8ea826132022-01-05 09:20:22.460root 11241100x80000000000000006861257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaf8f3deee7ff432022-01-05 09:20:22.460root 11241100x80000000000000006861258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b0d8e5b91128882022-01-05 09:20:22.460root 11241100x80000000000000006861259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddf77e5e74d735f2022-01-05 09:20:22.460root 11241100x80000000000000006861260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64425e99ab631ef2022-01-05 09:20:22.460root 11241100x80000000000000006861261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55aaa6d9992216d2022-01-05 09:20:22.959root 11241100x80000000000000006861262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d2b571e2fe29832022-01-05 09:20:22.959root 11241100x80000000000000006861263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d756e7a3fe44ac92022-01-05 09:20:22.959root 11241100x80000000000000006861264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57819bea99bf00ac2022-01-05 09:20:22.959root 11241100x80000000000000006861265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1ea107012dcae62022-01-05 09:20:22.960root 11241100x80000000000000006861266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9d27a1536750842022-01-05 09:20:22.960root 11241100x80000000000000006861267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8069afd6ce10572022-01-05 09:20:22.960root 11241100x80000000000000006861268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071dd38aae2233952022-01-05 09:20:22.960root 11241100x80000000000000006861269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f1d5fe964b13542022-01-05 09:20:23.459root 11241100x80000000000000006861270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405fd91057c2e7b42022-01-05 09:20:23.459root 11241100x80000000000000006861271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb852263087d2e12022-01-05 09:20:23.459root 11241100x80000000000000006861272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6326b6c1520c95c2022-01-05 09:20:23.459root 11241100x80000000000000006861273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006dc471e4c35fca2022-01-05 09:20:23.460root 11241100x80000000000000006861274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ea44971121eaa42022-01-05 09:20:23.460root 11241100x80000000000000006861275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2ebee3dd55e5df2022-01-05 09:20:23.460root 11241100x80000000000000006861276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78048da376c283782022-01-05 09:20:23.460root 11241100x80000000000000006861277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc52470d413474f2022-01-05 09:20:23.959root 11241100x80000000000000006861278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3758f8071684812022-01-05 09:20:23.959root 11241100x80000000000000006861279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56aa6adb5f1000a22022-01-05 09:20:23.959root 11241100x80000000000000006861280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb18631796ee34bd2022-01-05 09:20:23.959root 11241100x80000000000000006861281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2791e72551af597b2022-01-05 09:20:23.960root 11241100x80000000000000006861282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f264e4389245803a2022-01-05 09:20:23.960root 11241100x80000000000000006861283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e58bae0f4d10d692022-01-05 09:20:23.960root 11241100x80000000000000006861284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c57f14aa80a45832022-01-05 09:20:23.960root 354300x80000000000000006861285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.009{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40696-false10.0.1.12-8000- 11241100x80000000000000006861286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b868eea60bc180f72022-01-05 09:20:24.459root 11241100x80000000000000006861287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003320d8ecf534d52022-01-05 09:20:24.459root 11241100x80000000000000006861288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071a25eb9eacd0fb2022-01-05 09:20:24.459root 11241100x80000000000000006861289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2dd5467dab44892022-01-05 09:20:24.459root 11241100x80000000000000006861290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb62335b906fe4832022-01-05 09:20:24.459root 11241100x80000000000000006861291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888ca5fdd94c407b2022-01-05 09:20:24.460root 11241100x80000000000000006861292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79964890de4d64e2022-01-05 09:20:24.460root 11241100x80000000000000006861293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1267a3c3855e3c282022-01-05 09:20:24.460root 11241100x80000000000000006861294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c1c567eef784052022-01-05 09:20:24.460root 11241100x80000000000000006861295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24add107f137df222022-01-05 09:20:24.959root 11241100x80000000000000006861296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27707c32f088c6ac2022-01-05 09:20:24.959root 11241100x80000000000000006861297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cd02586990c4542022-01-05 09:20:24.959root 11241100x80000000000000006861298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf529144e42daa422022-01-05 09:20:24.960root 11241100x80000000000000006861299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43970750b1b54f02022-01-05 09:20:24.960root 11241100x80000000000000006861300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcd5b012d1f7b8b2022-01-05 09:20:24.960root 11241100x80000000000000006861301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e719dca1b87387782022-01-05 09:20:24.960root 11241100x80000000000000006861302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d527f162b7ce9a2022-01-05 09:20:24.960root 11241100x80000000000000006861303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:24.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a219d355f49f8c572022-01-05 09:20:24.960root 11241100x80000000000000006861304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf53a113a1ef33d2022-01-05 09:20:25.459root 11241100x80000000000000006861305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9969833005a0b9eb2022-01-05 09:20:25.459root 11241100x80000000000000006861306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7c684e331a8efb2022-01-05 09:20:25.459root 11241100x80000000000000006861307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50747a45b52a5a302022-01-05 09:20:25.459root 11241100x80000000000000006861308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0501df2195a62e12022-01-05 09:20:25.460root 11241100x80000000000000006861309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8083223ca7a3f6cf2022-01-05 09:20:25.460root 11241100x80000000000000006861310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e0b6c35d58a9bd2022-01-05 09:20:25.460root 11241100x80000000000000006861311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75d1f1ef35a58f82022-01-05 09:20:25.460root 11241100x80000000000000006861312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f1a69058c1b1a32022-01-05 09:20:25.460root 11241100x80000000000000006861313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fed13f2f1cc2a52022-01-05 09:20:25.959root 11241100x80000000000000006861314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393dff69a698373b2022-01-05 09:20:25.960root 11241100x80000000000000006861315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e361afa3df0226082022-01-05 09:20:25.960root 11241100x80000000000000006861316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9644dd1b43a66a62022-01-05 09:20:25.960root 11241100x80000000000000006861317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66ff2388941153c2022-01-05 09:20:25.960root 11241100x80000000000000006861318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4970d233b2c064a2022-01-05 09:20:25.960root 11241100x80000000000000006861319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7df8e0b4177b3642022-01-05 09:20:25.960root 11241100x80000000000000006861320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67c8c40d080cfee2022-01-05 09:20:25.960root 11241100x80000000000000006861321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:25.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb79a8fb9d0acac2022-01-05 09:20:25.960root 11241100x80000000000000006861322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00b087aacd5cf722022-01-05 09:20:26.459root 11241100x80000000000000006861323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400bdf1c6a6716dd2022-01-05 09:20:26.459root 11241100x80000000000000006861324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b9ed0fa9544cfd2022-01-05 09:20:26.459root 11241100x80000000000000006861325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6e90d21e7550d52022-01-05 09:20:26.459root 11241100x80000000000000006861326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb85c7e0fe297912022-01-05 09:20:26.460root 11241100x80000000000000006861327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1878a2b91c08e2292022-01-05 09:20:26.460root 11241100x80000000000000006861328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0e56230cf7ae532022-01-05 09:20:26.460root 11241100x80000000000000006861329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27631756af679b6f2022-01-05 09:20:26.460root 11241100x80000000000000006861330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932f2825c49376282022-01-05 09:20:26.460root 11241100x80000000000000006861331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbf7334d00feca52022-01-05 09:20:26.959root 11241100x80000000000000006861332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e510a163e33f33b2022-01-05 09:20:26.959root 11241100x80000000000000006861333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1077ca0c92a9982022-01-05 09:20:26.959root 11241100x80000000000000006861334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa4cd8bc8f7569d2022-01-05 09:20:26.959root 11241100x80000000000000006861335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65e33301920b5192022-01-05 09:20:26.959root 11241100x80000000000000006861336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd2a9c100c5a7e32022-01-05 09:20:26.960root 11241100x80000000000000006861337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03e9a618abc2dc82022-01-05 09:20:26.960root 11241100x80000000000000006861338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1b3ed2ae88beb32022-01-05 09:20:26.960root 11241100x80000000000000006861339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1408696c240103d72022-01-05 09:20:26.960root 11241100x80000000000000006861340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384eb6af9644536b2022-01-05 09:20:27.459root 11241100x80000000000000006861341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1edb90749451b92022-01-05 09:20:27.459root 11241100x80000000000000006861342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2f63f8d46159ae2022-01-05 09:20:27.459root 11241100x80000000000000006861343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da46db253a740e752022-01-05 09:20:27.459root 11241100x80000000000000006861344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0565d141c577bfb12022-01-05 09:20:27.459root 11241100x80000000000000006861345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f1f1c3e1aac7492022-01-05 09:20:27.460root 11241100x80000000000000006861346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a199557968887f2022-01-05 09:20:27.460root 11241100x80000000000000006861347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c218c1d5590573a42022-01-05 09:20:27.460root 11241100x80000000000000006861348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76df188900753e12022-01-05 09:20:27.460root 11241100x80000000000000006861349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b228837ec749904b2022-01-05 09:20:27.959root 11241100x80000000000000006861350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d86e435cffd5f502022-01-05 09:20:27.959root 11241100x80000000000000006861351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae0a12da59efefa2022-01-05 09:20:27.959root 11241100x80000000000000006861352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f437be34f0c51b92022-01-05 09:20:27.959root 11241100x80000000000000006861353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745198f379bad7a52022-01-05 09:20:27.959root 11241100x80000000000000006861354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7d30dd9514f8972022-01-05 09:20:27.960root 11241100x80000000000000006861355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dafa220f0260a612022-01-05 09:20:27.960root 11241100x80000000000000006861356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe900ef4e6ca4812022-01-05 09:20:27.960root 11241100x80000000000000006861357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8320fead8acea42022-01-05 09:20:27.960root 11241100x80000000000000006861358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67164a5b5a406fb62022-01-05 09:20:28.459root 11241100x80000000000000006861359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e601f4dda6a10a722022-01-05 09:20:28.459root 11241100x80000000000000006861360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431689f4632b14f02022-01-05 09:20:28.460root 11241100x80000000000000006861361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b9ad1eb0000ba42022-01-05 09:20:28.460root 11241100x80000000000000006861362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2ff32b6005780f2022-01-05 09:20:28.460root 11241100x80000000000000006861363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6994bb3834836f592022-01-05 09:20:28.460root 11241100x80000000000000006861364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e3b6a3db913afd2022-01-05 09:20:28.460root 11241100x80000000000000006861365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85145ff4cebbae7a2022-01-05 09:20:28.460root 11241100x80000000000000006861366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871f788674a5b5652022-01-05 09:20:28.460root 11241100x80000000000000006861367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a62d26d6f9c7caa2022-01-05 09:20:28.959root 11241100x80000000000000006861368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c2560072024b492022-01-05 09:20:28.959root 11241100x80000000000000006861369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9796bf43da177402022-01-05 09:20:28.959root 11241100x80000000000000006861370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b6ea21926994042022-01-05 09:20:28.959root 11241100x80000000000000006861371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee18e4dfa0d513ef2022-01-05 09:20:28.959root 11241100x80000000000000006861372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17199c6d67cd9da42022-01-05 09:20:28.960root 11241100x80000000000000006861373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3857ffbbf9227ee2022-01-05 09:20:28.960root 11241100x80000000000000006861374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866edadefef5a6622022-01-05 09:20:28.960root 11241100x80000000000000006861375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed8542175edbc9c2022-01-05 09:20:28.960root 354300x80000000000000006861376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.163{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40698-false10.0.1.12-8000- 11241100x80000000000000006861377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.402{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 09:20:29.402root 11241100x80000000000000006861378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c51427b143d0ec2022-01-05 09:20:29.404root 11241100x80000000000000006861379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17533455848bb722022-01-05 09:20:29.404root 11241100x80000000000000006861380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b518fba2b94161ff2022-01-05 09:20:29.404root 11241100x80000000000000006861381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb898af6ce88c302022-01-05 09:20:29.404root 11241100x80000000000000006861382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9bf17f01e6d1ef2022-01-05 09:20:29.404root 11241100x80000000000000006861383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bc517cc5c5c4f42022-01-05 09:20:29.404root 11241100x80000000000000006861384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9ad089eac1d1ce2022-01-05 09:20:29.404root 11241100x80000000000000006861385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac263ab2b0107b422022-01-05 09:20:29.404root 11241100x80000000000000006861386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92db257369533f5c2022-01-05 09:20:29.404root 11241100x80000000000000006861387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b84f6979ac889692022-01-05 09:20:29.405root 11241100x80000000000000006861388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63baa705d487f3c32022-01-05 09:20:29.405root 11241100x80000000000000006861389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00ea25f1eb262c62022-01-05 09:20:29.709root 11241100x80000000000000006861390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06304be50a4451c2022-01-05 09:20:29.710root 11241100x80000000000000006861391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a8eb22933d80fb2022-01-05 09:20:29.710root 11241100x80000000000000006861392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47981a2dcb9a99222022-01-05 09:20:29.710root 11241100x80000000000000006861393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8659fa0ee19c2e942022-01-05 09:20:29.710root 11241100x80000000000000006861394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f2c8546d9c50062022-01-05 09:20:29.710root 11241100x80000000000000006861395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c23502bdebdda802022-01-05 09:20:29.710root 11241100x80000000000000006861396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbe1d47c3c3e00c2022-01-05 09:20:29.710root 11241100x80000000000000006861397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f444c390f166bd202022-01-05 09:20:29.710root 11241100x80000000000000006861398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8763d30d760e16da2022-01-05 09:20:29.710root 11241100x80000000000000006861399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8232936c56ef288a2022-01-05 09:20:29.710root 11241100x80000000000000006861400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd111a8daea4fb82022-01-05 09:20:30.209root 11241100x80000000000000006861401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d3c63010015fa82022-01-05 09:20:30.209root 11241100x80000000000000006861402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5638fd0b994f712022-01-05 09:20:30.209root 11241100x80000000000000006861403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e7f8ea2a93afd82022-01-05 09:20:30.210root 11241100x80000000000000006861404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d4087fb24095602022-01-05 09:20:30.210root 11241100x80000000000000006861405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d49f8e2401bee42022-01-05 09:20:30.210root 11241100x80000000000000006861406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372f06fde73da9a72022-01-05 09:20:30.210root 11241100x80000000000000006861407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3dc0a458bd7fba32022-01-05 09:20:30.210root 11241100x80000000000000006861408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0131db637ab2c62022-01-05 09:20:30.210root 11241100x80000000000000006861409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898a195e11dd79c02022-01-05 09:20:30.210root 11241100x80000000000000006861410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7536d168d1fb95b2022-01-05 09:20:30.210root 11241100x80000000000000006861411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91ab23f823d4a1f2022-01-05 09:20:30.709root 11241100x80000000000000006861412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ea401d8aff52922022-01-05 09:20:30.709root 11241100x80000000000000006861413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1285bc7833423a9b2022-01-05 09:20:30.709root 11241100x80000000000000006861414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecbf0cfa0c93a3e2022-01-05 09:20:30.710root 11241100x80000000000000006861415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bec1fed071f4a32022-01-05 09:20:30.710root 11241100x80000000000000006861416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c6021a79c5f9c42022-01-05 09:20:30.710root 11241100x80000000000000006861417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e3bd91096db32f2022-01-05 09:20:30.710root 11241100x80000000000000006861418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4f6cf7f1592aa72022-01-05 09:20:30.710root 11241100x80000000000000006861419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7740daf1639aea42022-01-05 09:20:30.710root 11241100x80000000000000006861420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc738e657eccd99e2022-01-05 09:20:30.710root 11241100x80000000000000006861421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cc9324bb5625e42022-01-05 09:20:30.710root 11241100x80000000000000006861422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76ae98fe512cc1d2022-01-05 09:20:31.209root 11241100x80000000000000006861423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377934ccc14fa9502022-01-05 09:20:31.209root 11241100x80000000000000006861424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4775990bb4e60ac42022-01-05 09:20:31.209root 11241100x80000000000000006861425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b353227d7f81bde32022-01-05 09:20:31.210root 11241100x80000000000000006861426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebe9b5cb3f890022022-01-05 09:20:31.210root 11241100x80000000000000006861427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bcf908ffe664992022-01-05 09:20:31.210root 11241100x80000000000000006861428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77555ba0620956d12022-01-05 09:20:31.210root 11241100x80000000000000006861429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d555c96394561f32022-01-05 09:20:31.210root 11241100x80000000000000006861430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c543b71b14b85a022022-01-05 09:20:31.210root 11241100x80000000000000006861431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe522641d2e3a222022-01-05 09:20:31.210root 11241100x80000000000000006861432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4566c9a33a1e14172022-01-05 09:20:31.210root 11241100x80000000000000006861433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b509426a2340822022-01-05 09:20:31.709root 11241100x80000000000000006861434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81e168b4c42081b2022-01-05 09:20:31.709root 11241100x80000000000000006861435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fb38f94a1f58922022-01-05 09:20:31.710root 11241100x80000000000000006861436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e1bc8a72a151822022-01-05 09:20:31.710root 11241100x80000000000000006861437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1442bd102d4952c2022-01-05 09:20:31.710root 11241100x80000000000000006861438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4876390d767a4b2022-01-05 09:20:31.710root 11241100x80000000000000006861439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953c33bf12caf5012022-01-05 09:20:31.710root 11241100x80000000000000006861440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec0ed7598b0654d2022-01-05 09:20:31.710root 11241100x80000000000000006861441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84622ba5e49bc732022-01-05 09:20:31.710root 11241100x80000000000000006861442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18b3e1c63a842842022-01-05 09:20:31.710root 11241100x80000000000000006861443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1abd47920633a32022-01-05 09:20:31.710root 11241100x80000000000000006861444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e46c7ba2b2a19ad2022-01-05 09:20:32.209root 11241100x80000000000000006861445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b8e5b1fa9d51d52022-01-05 09:20:32.209root 11241100x80000000000000006861446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f33e7638abf86402022-01-05 09:20:32.209root 11241100x80000000000000006861447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363aadfa161d87db2022-01-05 09:20:32.210root 11241100x80000000000000006861448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d55ad89e74207b2022-01-05 09:20:32.210root 11241100x80000000000000006861449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebb31df1131f0f52022-01-05 09:20:32.210root 11241100x80000000000000006861450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a6abf32d29c80e2022-01-05 09:20:32.210root 11241100x80000000000000006861451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d80d514928a12e42022-01-05 09:20:32.210root 11241100x80000000000000006861452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1e929582d24fcb2022-01-05 09:20:32.210root 11241100x80000000000000006861453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b533d031c7191612022-01-05 09:20:32.210root 11241100x80000000000000006861454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cea84514d658a42022-01-05 09:20:32.210root 23542300x80000000000000006861455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.402{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006861456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a55e667cfae25982022-01-05 09:20:32.709root 11241100x80000000000000006861457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01dc8c467a55f192022-01-05 09:20:32.709root 11241100x80000000000000006861458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7751c17e1ee7432022-01-05 09:20:32.709root 11241100x80000000000000006861459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df45ef9d2d010ad2022-01-05 09:20:32.710root 11241100x80000000000000006861460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86e398a082d45fa2022-01-05 09:20:32.710root 11241100x80000000000000006861461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927f0c45b4d656912022-01-05 09:20:32.710root 11241100x80000000000000006861462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc895c975240d0dd2022-01-05 09:20:32.710root 11241100x80000000000000006861463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7b107a99174c512022-01-05 09:20:32.710root 11241100x80000000000000006861464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73d67e17a4da1862022-01-05 09:20:32.710root 11241100x80000000000000006861465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756a267e176a44822022-01-05 09:20:32.710root 11241100x80000000000000006861466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45764c7dfcf397102022-01-05 09:20:32.710root 11241100x80000000000000006861467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cdcde0a4889c202022-01-05 09:20:32.710root 11241100x80000000000000006861468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4404d5c5c0c55f262022-01-05 09:20:33.209root 11241100x80000000000000006861469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a7431c7da5bd602022-01-05 09:20:33.209root 11241100x80000000000000006861470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165376b5d50f1d4c2022-01-05 09:20:33.209root 11241100x80000000000000006861471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac4cfe8efe8900b2022-01-05 09:20:33.209root 11241100x80000000000000006861472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903bda79f6843bec2022-01-05 09:20:33.209root 11241100x80000000000000006861473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ae378583fb614b2022-01-05 09:20:33.210root 11241100x80000000000000006861474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ced59c18aaf0d92022-01-05 09:20:33.210root 11241100x80000000000000006861475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d11abb3ebd9877b2022-01-05 09:20:33.210root 11241100x80000000000000006861476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f799b9615e25c32022-01-05 09:20:33.210root 11241100x80000000000000006861477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580a28dbb40acfc42022-01-05 09:20:33.210root 11241100x80000000000000006861478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d59cd69f17ac842022-01-05 09:20:33.211root 11241100x80000000000000006861479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea96a603ff7ad1992022-01-05 09:20:33.211root 354300x80000000000000006861480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.441{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-41180-false10.0.1.12-8089- 11241100x80000000000000006861481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18e406f389c08492022-01-05 09:20:33.709root 11241100x80000000000000006861482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd084161bb0270842022-01-05 09:20:33.709root 11241100x80000000000000006861483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdb546d278f3cf72022-01-05 09:20:33.709root 11241100x80000000000000006861484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae8180b14c74ef22022-01-05 09:20:33.710root 11241100x80000000000000006861485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09ceeacbab9f2672022-01-05 09:20:33.710root 11241100x80000000000000006861486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e52064af6b863f2022-01-05 09:20:33.710root 11241100x80000000000000006861487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c206ce2cf11126c2022-01-05 09:20:33.710root 11241100x80000000000000006861488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f777087d781bac622022-01-05 09:20:33.711root 11241100x80000000000000006861489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb95ff2ba33df3de2022-01-05 09:20:33.711root 11241100x80000000000000006861490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37cc1b0dfd7cc142022-01-05 09:20:33.711root 11241100x80000000000000006861491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1112e683b47dec2022-01-05 09:20:33.712root 11241100x80000000000000006861492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ceaf3fdc05aec212022-01-05 09:20:33.712root 11241100x80000000000000006861493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a19e645cc05a4d2022-01-05 09:20:33.712root 11241100x80000000000000006861494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ae9b890bfc3e052022-01-05 09:20:34.209root 11241100x80000000000000006861495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1024d69c3b79262022-01-05 09:20:34.209root 11241100x80000000000000006861496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc6af56ef8081aa2022-01-05 09:20:34.210root 11241100x80000000000000006861497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3c334fb2d2c3de2022-01-05 09:20:34.210root 11241100x80000000000000006861498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b435b7b30c9d26d02022-01-05 09:20:34.210root 11241100x80000000000000006861499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1b30afabb34bd32022-01-05 09:20:34.210root 11241100x80000000000000006861500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13e1e59e2607bda2022-01-05 09:20:34.210root 11241100x80000000000000006861501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7304a62de423cfb42022-01-05 09:20:34.210root 11241100x80000000000000006861502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68cf424b25211f72022-01-05 09:20:34.210root 11241100x80000000000000006861503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2756653b9b86e4c2022-01-05 09:20:34.210root 11241100x80000000000000006861504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f78ff6ab0f5a9ac2022-01-05 09:20:34.210root 11241100x80000000000000006861505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068300ca0b74023f2022-01-05 09:20:34.210root 11241100x80000000000000006861506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7487055049e61e772022-01-05 09:20:34.210root 11241100x80000000000000006861507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d8359ddaf1f4612022-01-05 09:20:34.709root 11241100x80000000000000006861508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff261eedef9dab512022-01-05 09:20:34.710root 11241100x80000000000000006861509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d11eadc5d697b12022-01-05 09:20:34.710root 11241100x80000000000000006861510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5403da956fa39f82022-01-05 09:20:34.710root 11241100x80000000000000006861511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32011233111ee3082022-01-05 09:20:34.710root 11241100x80000000000000006861512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87235cf0fcae09972022-01-05 09:20:34.710root 11241100x80000000000000006861513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7604fd79c15dbb2022-01-05 09:20:34.710root 11241100x80000000000000006861514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b270913282e6c1022022-01-05 09:20:34.710root 11241100x80000000000000006861515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff90e8bfd44a49762022-01-05 09:20:34.710root 11241100x80000000000000006861516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39092e10ef73e25f2022-01-05 09:20:34.710root 11241100x80000000000000006861517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf16c1e7b84dbf82022-01-05 09:20:34.710root 11241100x80000000000000006861518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5069b4cced2fed692022-01-05 09:20:34.710root 11241100x80000000000000006861519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:34.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c93f37bcc85f182022-01-05 09:20:34.710root 354300x80000000000000006861520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.068{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40702-false10.0.1.12-8000- 11241100x80000000000000006861521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.068{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8649713b710e642022-01-05 09:20:35.068root 11241100x80000000000000006861522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.068{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1f1bfd24ad359b2022-01-05 09:20:35.068root 11241100x80000000000000006861523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f55d4c5c143a212022-01-05 09:20:35.069root 11241100x80000000000000006861524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3859b8fedd80472022-01-05 09:20:35.069root 11241100x80000000000000006861525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2189c22318e457902022-01-05 09:20:35.069root 11241100x80000000000000006861526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29551e8f5d7c157a2022-01-05 09:20:35.069root 11241100x80000000000000006861527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7099df0b91674c402022-01-05 09:20:35.069root 11241100x80000000000000006861528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac0e9363c4475fd2022-01-05 09:20:35.069root 11241100x80000000000000006861529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239bddbf270dc2322022-01-05 09:20:35.069root 11241100x80000000000000006861530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.070{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435324ef123adaf92022-01-05 09:20:35.070root 11241100x80000000000000006861531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.070{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c85514d45485002022-01-05 09:20:35.070root 11241100x80000000000000006861532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.070{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82d91c8b41c6ed82022-01-05 09:20:35.070root 11241100x80000000000000006861533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.070{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02ba7b3012a15042022-01-05 09:20:35.070root 11241100x80000000000000006861534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.070{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2781c9c9e6c5ee8b2022-01-05 09:20:35.070root 11241100x80000000000000006861535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.070{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb6aa64db892b052022-01-05 09:20:35.070root 11241100x80000000000000006861536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bb7571a79df1272022-01-05 09:20:35.459root 11241100x80000000000000006861537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6a096bfcb7a7d52022-01-05 09:20:35.459root 11241100x80000000000000006861538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389cef437b09d18b2022-01-05 09:20:35.460root 11241100x80000000000000006861539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663b7887d9eb03d52022-01-05 09:20:35.460root 11241100x80000000000000006861540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88324719689fd28f2022-01-05 09:20:35.460root 11241100x80000000000000006861541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cfb73cfe208d9b2022-01-05 09:20:35.460root 11241100x80000000000000006861542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a48d16c7400a7962022-01-05 09:20:35.460root 11241100x80000000000000006861543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a734701b1184a02022-01-05 09:20:35.460root 11241100x80000000000000006861544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6097ae45c9b36d12022-01-05 09:20:35.460root 11241100x80000000000000006861545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e9138f169b82562022-01-05 09:20:35.460root 11241100x80000000000000006861546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bfec52d4cfc4aa2022-01-05 09:20:35.460root 11241100x80000000000000006861547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a5b2ba397cafa12022-01-05 09:20:35.460root 11241100x80000000000000006861548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d711be5ee6d3c9a2022-01-05 09:20:35.461root 11241100x80000000000000006861549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6951637d98c4c6f2022-01-05 09:20:35.461root 11241100x80000000000000006861550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237b784195ba91da2022-01-05 09:20:35.959root 11241100x80000000000000006861551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398b5d10204fc1232022-01-05 09:20:35.960root 11241100x80000000000000006861552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1155120772daa22022-01-05 09:20:35.960root 11241100x80000000000000006861553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ab8f68d3b14a892022-01-05 09:20:35.960root 11241100x80000000000000006861554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb48aeb1e0d35582022-01-05 09:20:35.960root 11241100x80000000000000006861555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc54c4455b5825b2022-01-05 09:20:35.960root 11241100x80000000000000006861556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec5db119063f59f2022-01-05 09:20:35.960root 11241100x80000000000000006861557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4138a8bfc302bb142022-01-05 09:20:35.960root 11241100x80000000000000006861558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672402ca33a5d8812022-01-05 09:20:35.960root 11241100x80000000000000006861559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a574a19ec75d9b22022-01-05 09:20:35.960root 11241100x80000000000000006861560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4f487f4987c99a2022-01-05 09:20:35.960root 11241100x80000000000000006861561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387925e424c534b72022-01-05 09:20:35.960root 11241100x80000000000000006861562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999e7f2c6a397f172022-01-05 09:20:35.961root 11241100x80000000000000006861563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b1c1fcdd03904b2022-01-05 09:20:35.961root 11241100x80000000000000006861564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae7f8522c95aff32022-01-05 09:20:36.459root 11241100x80000000000000006861565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe5540d65f256d02022-01-05 09:20:36.459root 11241100x80000000000000006861566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5980ba885eb0ef2022-01-05 09:20:36.460root 11241100x80000000000000006861567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ee8b2ec7127c442022-01-05 09:20:36.460root 11241100x80000000000000006861568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3047b957ef714d2022-01-05 09:20:36.460root 11241100x80000000000000006861569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df8f8eb40126ce12022-01-05 09:20:36.460root 11241100x80000000000000006861570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f9eb33372fbe992022-01-05 09:20:36.461root 11241100x80000000000000006861571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b880148a98596002022-01-05 09:20:36.461root 11241100x80000000000000006861572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e188fcb0b4ed4da82022-01-05 09:20:36.461root 11241100x80000000000000006861573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966c9bcbc720e8882022-01-05 09:20:36.461root 11241100x80000000000000006861574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcb775ba1f0bf612022-01-05 09:20:36.461root 11241100x80000000000000006861575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef72611ce38e1462022-01-05 09:20:36.461root 11241100x80000000000000006861576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9bff845fa65e432022-01-05 09:20:36.461root 11241100x80000000000000006861577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4facbf2922d8dc2022-01-05 09:20:36.461root 11241100x80000000000000006861578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548714a07c44c4f02022-01-05 09:20:36.959root 11241100x80000000000000006861579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2dcf7c17d888882022-01-05 09:20:36.960root 11241100x80000000000000006861580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f9b3b05bc8fe382022-01-05 09:20:36.960root 11241100x80000000000000006861581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92699cc09f58a69e2022-01-05 09:20:36.960root 11241100x80000000000000006861582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afbe4f38f60f5f42022-01-05 09:20:36.960root 11241100x80000000000000006861583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cd649ab1b719a42022-01-05 09:20:36.960root 11241100x80000000000000006861584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56040ac6ceeefe12022-01-05 09:20:36.961root 11241100x80000000000000006861585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbf26011cb8c8e12022-01-05 09:20:36.961root 11241100x80000000000000006861586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cf7035fdfac4172022-01-05 09:20:36.961root 11241100x80000000000000006861587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe5bd824e371cbf2022-01-05 09:20:36.961root 11241100x80000000000000006861588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c8ca08f71ecba12022-01-05 09:20:36.961root 11241100x80000000000000006861589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b56f0a3e4305332022-01-05 09:20:36.961root 11241100x80000000000000006861590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be86fd73508a713c2022-01-05 09:20:36.961root 11241100x80000000000000006861591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693b2d26ef6cddaa2022-01-05 09:20:36.961root 11241100x80000000000000006861592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a1de8942f13a862022-01-05 09:20:37.459root 11241100x80000000000000006861593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd6aceabb1c412e2022-01-05 09:20:37.460root 11241100x80000000000000006861594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e0b0013f02d17b2022-01-05 09:20:37.460root 11241100x80000000000000006861595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e592afde895f772022-01-05 09:20:37.460root 11241100x80000000000000006861596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140e92e500d00cb02022-01-05 09:20:37.460root 11241100x80000000000000006861597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4c41db8161a9ea2022-01-05 09:20:37.460root 11241100x80000000000000006861598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d076ab70b3fe322022-01-05 09:20:37.460root 11241100x80000000000000006861599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0994835557f0da2022-01-05 09:20:37.460root 11241100x80000000000000006861600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccb25313d09e36c2022-01-05 09:20:37.460root 11241100x80000000000000006861601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bc455e0fc577472022-01-05 09:20:37.460root 11241100x80000000000000006861602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144359770a3348e62022-01-05 09:20:37.460root 11241100x80000000000000006861603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abbf8ce235ab3752022-01-05 09:20:37.461root 11241100x80000000000000006861604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ee515b11d511a92022-01-05 09:20:37.461root 11241100x80000000000000006861605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586c57ab25929ab22022-01-05 09:20:37.461root 11241100x80000000000000006861606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f5bd515d6c79392022-01-05 09:20:37.959root 11241100x80000000000000006861607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6c1c53cab41b3f2022-01-05 09:20:37.959root 11241100x80000000000000006861608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38966c11ab77bb1f2022-01-05 09:20:37.960root 11241100x80000000000000006861609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4725906cfd1848f2022-01-05 09:20:37.960root 11241100x80000000000000006861610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2ff089ddaf7f412022-01-05 09:20:37.960root 11241100x80000000000000006861611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61356345e4b4b792022-01-05 09:20:37.960root 11241100x80000000000000006861612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9a8c5ddd08122c2022-01-05 09:20:37.960root 11241100x80000000000000006861613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e71f7667bbb9ab2022-01-05 09:20:37.960root 11241100x80000000000000006861614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f882192750e7c30b2022-01-05 09:20:37.960root 11241100x80000000000000006861615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a149ecaf80a8302f2022-01-05 09:20:37.960root 11241100x80000000000000006861616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce9054d2514bb232022-01-05 09:20:37.960root 11241100x80000000000000006861617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716e7fa788a363c82022-01-05 09:20:37.960root 11241100x80000000000000006861618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72abdb32c92986002022-01-05 09:20:37.961root 11241100x80000000000000006861619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f1184410143df72022-01-05 09:20:37.961root 11241100x80000000000000006861620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cb64ea4066a3eb2022-01-05 09:20:38.459root 11241100x80000000000000006861621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1187c87f08eb23942022-01-05 09:20:38.460root 11241100x80000000000000006861622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80ec2856047b8972022-01-05 09:20:38.460root 11241100x80000000000000006861623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680b55428b7a3fbc2022-01-05 09:20:38.460root 11241100x80000000000000006861624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655f0b605f84b7902022-01-05 09:20:38.460root 11241100x80000000000000006861625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1911a13c4254f9c2022-01-05 09:20:38.460root 11241100x80000000000000006861626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ed241364d67b232022-01-05 09:20:38.461root 11241100x80000000000000006861627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e03f6bd444cb162022-01-05 09:20:38.461root 11241100x80000000000000006861628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d3b6d4e167348d2022-01-05 09:20:38.461root 11241100x80000000000000006861629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42c3538d40429352022-01-05 09:20:38.461root 11241100x80000000000000006861630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903dda083eb3b8a52022-01-05 09:20:38.461root 11241100x80000000000000006861631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6311bc42fed05ae62022-01-05 09:20:38.461root 11241100x80000000000000006861632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b912abf3eb5154942022-01-05 09:20:38.461root 11241100x80000000000000006861633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb614759c7e42b32022-01-05 09:20:38.462root 11241100x80000000000000006861634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d8880b60e2964d2022-01-05 09:20:38.959root 11241100x80000000000000006861635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f150df9f4953355a2022-01-05 09:20:38.959root 11241100x80000000000000006861636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46dc8e6a05c5b182022-01-05 09:20:38.960root 11241100x80000000000000006861637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1835fe22860449802022-01-05 09:20:38.960root 11241100x80000000000000006861638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f65fe09fad604342022-01-05 09:20:38.960root 11241100x80000000000000006861639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69261b86421539f72022-01-05 09:20:38.960root 11241100x80000000000000006861640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657fb9a3b14bde072022-01-05 09:20:38.960root 11241100x80000000000000006861641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c783fc1496cec662022-01-05 09:20:38.960root 11241100x80000000000000006861642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7ebb832028dc222022-01-05 09:20:38.960root 11241100x80000000000000006861643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0ed3f6400d911a2022-01-05 09:20:38.960root 11241100x80000000000000006861644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e8be58bdfc8a782022-01-05 09:20:38.961root 11241100x80000000000000006861645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776c68a5dd3faa522022-01-05 09:20:38.961root 11241100x80000000000000006861646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6616311896e1c33c2022-01-05 09:20:38.961root 11241100x80000000000000006861647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6323d4301e63362022-01-05 09:20:38.961root 11241100x80000000000000006861648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc23a713d9ea39842022-01-05 09:20:39.459root 11241100x80000000000000006861649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a57eb043cf0a3e2022-01-05 09:20:39.459root 11241100x80000000000000006861650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5988e8292ffed92022-01-05 09:20:39.459root 11241100x80000000000000006861651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c36b346ce22a012022-01-05 09:20:39.459root 11241100x80000000000000006861652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa0fe94b89b52342022-01-05 09:20:39.460root 11241100x80000000000000006861653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13937ec6618730522022-01-05 09:20:39.460root 11241100x80000000000000006861654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0f28ed0d5f446e2022-01-05 09:20:39.460root 11241100x80000000000000006861655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc28ee5a15d237e2022-01-05 09:20:39.460root 11241100x80000000000000006861656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a969886d235d52ef2022-01-05 09:20:39.460root 11241100x80000000000000006861657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09485236b8cd14552022-01-05 09:20:39.460root 11241100x80000000000000006861658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b28fb8df55ad1f2022-01-05 09:20:39.461root 11241100x80000000000000006861659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f04400a29adf972022-01-05 09:20:39.461root 11241100x80000000000000006861660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0717d5b4dc7836222022-01-05 09:20:39.461root 11241100x80000000000000006861661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f727617266028f92022-01-05 09:20:39.461root 11241100x80000000000000006861662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4ece848e83c6bf2022-01-05 09:20:39.959root 11241100x80000000000000006861663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d045ae1e2d45442022-01-05 09:20:39.959root 11241100x80000000000000006861664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7353f302cbb626662022-01-05 09:20:39.960root 11241100x80000000000000006861665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18bc9e7fc16316c2022-01-05 09:20:39.960root 11241100x80000000000000006861666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdeccc0412705ccc2022-01-05 09:20:39.960root 11241100x80000000000000006861667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b19caaddf7dd5d2022-01-05 09:20:39.960root 11241100x80000000000000006861668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df4bd8ff409078d2022-01-05 09:20:39.960root 11241100x80000000000000006861669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcb2b91b28c522c2022-01-05 09:20:39.960root 11241100x80000000000000006861670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3148f82faa1e71142022-01-05 09:20:39.960root 11241100x80000000000000006861671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fce58404069369a2022-01-05 09:20:39.960root 11241100x80000000000000006861672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839aeb3dd18ce1c52022-01-05 09:20:39.960root 11241100x80000000000000006861673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb31781d34744472022-01-05 09:20:39.960root 11241100x80000000000000006861674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356b9756f5282c152022-01-05 09:20:39.960root 11241100x80000000000000006861675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:39.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83eda2e6d4be9d82022-01-05 09:20:39.960root 354300x80000000000000006861676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.225{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40704-false10.0.1.12-8000- 11241100x80000000000000006861677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d21c78c0be6fe62022-01-05 09:20:40.225root 11241100x80000000000000006861678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d63cd94848c0a9f2022-01-05 09:20:40.225root 11241100x80000000000000006861679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c80113ca6b787e62022-01-05 09:20:40.226root 11241100x80000000000000006861680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16403a9968dd72d52022-01-05 09:20:40.226root 11241100x80000000000000006861681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9951d74894d621412022-01-05 09:20:40.226root 11241100x80000000000000006861682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c47ee305324474b2022-01-05 09:20:40.226root 11241100x80000000000000006861683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bdbdad403eaa072022-01-05 09:20:40.226root 11241100x80000000000000006861684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17906f0c799d9172022-01-05 09:20:40.226root 11241100x80000000000000006861685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5bc77bed2d9e8e2022-01-05 09:20:40.226root 11241100x80000000000000006861686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b13ae2c6aac33ad2022-01-05 09:20:40.226root 11241100x80000000000000006861687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893ccf7bc4fd994d2022-01-05 09:20:40.227root 11241100x80000000000000006861688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8857753f8dccc5a82022-01-05 09:20:40.227root 11241100x80000000000000006861689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bcd7a57fc74a0e52022-01-05 09:20:40.227root 11241100x80000000000000006861690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af0237ba598c3d72022-01-05 09:20:40.227root 11241100x80000000000000006861691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cf3863f8609f942022-01-05 09:20:40.227root 11241100x80000000000000006861692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e07dc9b74383c22022-01-05 09:20:40.227root 11241100x80000000000000006861693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.227{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c6ca9067ffa4182022-01-05 09:20:40.227root 11241100x80000000000000006861694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73bf6f6ca0dde5e2022-01-05 09:20:40.709root 11241100x80000000000000006861695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f557cb66a454ea72022-01-05 09:20:40.710root 11241100x80000000000000006861696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6110162bd2b1c59a2022-01-05 09:20:40.710root 11241100x80000000000000006861697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e388dd35258d552022-01-05 09:20:40.711root 11241100x80000000000000006861698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8fef64a3b958f72022-01-05 09:20:40.711root 11241100x80000000000000006861699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d2066031fe99102022-01-05 09:20:40.712root 11241100x80000000000000006861700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dac540bc64a7d02022-01-05 09:20:40.712root 11241100x80000000000000006861701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee85f2656c3cd572022-01-05 09:20:40.712root 11241100x80000000000000006861702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4922bf7243bf09a2022-01-05 09:20:40.713root 11241100x80000000000000006861703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d72f153dc359b62022-01-05 09:20:40.713root 11241100x80000000000000006861704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0020f3bfd829ca1a2022-01-05 09:20:40.713root 11241100x80000000000000006861705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa5edd8c51ac6ac2022-01-05 09:20:40.715root 11241100x80000000000000006861706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d57f2feadc20702022-01-05 09:20:40.715root 11241100x80000000000000006861707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28bb023bd8a6abbd2022-01-05 09:20:40.716root 11241100x80000000000000006861708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:40.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39ce6c8cb9efc092022-01-05 09:20:40.716root 11241100x80000000000000006861709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174693d06e36c07e2022-01-05 09:20:41.210root 11241100x80000000000000006861710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c8b238b1b8e8722022-01-05 09:20:41.210root 11241100x80000000000000006861711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f19b961f12ddb72022-01-05 09:20:41.210root 11241100x80000000000000006861712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c14714e7e4d53d2022-01-05 09:20:41.210root 11241100x80000000000000006861713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa79453969f230bd2022-01-05 09:20:41.211root 11241100x80000000000000006861714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa56aa2e769da1e2022-01-05 09:20:41.211root 11241100x80000000000000006861715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d945fb75ff927ef72022-01-05 09:20:41.211root 11241100x80000000000000006861716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae2e3ddb4496fc42022-01-05 09:20:41.211root 11241100x80000000000000006861717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73fb0d92cd9d75e2022-01-05 09:20:41.211root 11241100x80000000000000006861718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b3424ecf4e8e9d2022-01-05 09:20:41.212root 11241100x80000000000000006861719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885607bfc2f9349a2022-01-05 09:20:41.212root 11241100x80000000000000006861720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57dfa365f3074f9c2022-01-05 09:20:41.212root 11241100x80000000000000006861721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f0b59f371fa9ad2022-01-05 09:20:41.212root 11241100x80000000000000006861722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e343299d185657d82022-01-05 09:20:41.212root 11241100x80000000000000006861723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfab9b17d07fd5ee2022-01-05 09:20:41.212root 11241100x80000000000000006861724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8247b4694f6fed42022-01-05 09:20:41.710root 11241100x80000000000000006861725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2692fabfc2f891b62022-01-05 09:20:41.710root 11241100x80000000000000006861726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d368ad15a2083ae32022-01-05 09:20:41.710root 11241100x80000000000000006861727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3163a2538852a602022-01-05 09:20:41.710root 11241100x80000000000000006861728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f092105e4b3ee92022-01-05 09:20:41.710root 11241100x80000000000000006861729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8a15909a435e6a2022-01-05 09:20:41.710root 11241100x80000000000000006861730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2fa3d8cbc170152022-01-05 09:20:41.710root 11241100x80000000000000006861731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9787207b74883b4b2022-01-05 09:20:41.710root 11241100x80000000000000006861732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f2c8363e2bbf7b2022-01-05 09:20:41.710root 11241100x80000000000000006861733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72c49e6d073e21d2022-01-05 09:20:41.710root 11241100x80000000000000006861734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e845a78a26583f52022-01-05 09:20:41.710root 11241100x80000000000000006861735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d60066fc4e8cbd2022-01-05 09:20:41.710root 11241100x80000000000000006861736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4f6dfc25a52b8d2022-01-05 09:20:41.710root 11241100x80000000000000006861737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45277ae82669597c2022-01-05 09:20:41.710root 11241100x80000000000000006861738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8308d4cf347fe12022-01-05 09:20:41.711root 11241100x80000000000000006861739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893854a5ef23abfd2022-01-05 09:20:42.209root 11241100x80000000000000006861740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749d125f254549de2022-01-05 09:20:42.210root 11241100x80000000000000006861741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e6d1370d9b93b92022-01-05 09:20:42.210root 11241100x80000000000000006861742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b0aaf871d6aeab2022-01-05 09:20:42.210root 11241100x80000000000000006861743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404e2128bf0357b92022-01-05 09:20:42.210root 11241100x80000000000000006861744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf262c62691de6cd2022-01-05 09:20:42.211root 11241100x80000000000000006861745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78feaa98c48a6e12022-01-05 09:20:42.211root 11241100x80000000000000006861746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b83f5da0f0659e2022-01-05 09:20:42.211root 11241100x80000000000000006861747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad6b840cfc1f7df2022-01-05 09:20:42.211root 11241100x80000000000000006861748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3f2c629fad29672022-01-05 09:20:42.212root 11241100x80000000000000006861749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b510f741eb60d842022-01-05 09:20:42.212root 11241100x80000000000000006861750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2005675e22d46682022-01-05 09:20:42.212root 11241100x80000000000000006861751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a746daef14fff332022-01-05 09:20:42.212root 11241100x80000000000000006861752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a0fd902944d9f22022-01-05 09:20:42.212root 11241100x80000000000000006861753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecea644ec7c2c3d82022-01-05 09:20:42.213root 11241100x80000000000000006861754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eba9e26528606502022-01-05 09:20:42.709root 11241100x80000000000000006861755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f6cc0c62ebd64d2022-01-05 09:20:42.709root 11241100x80000000000000006861756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65b3ef5ac4ab4b42022-01-05 09:20:42.710root 11241100x80000000000000006861757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5f8d5b76b8f41b2022-01-05 09:20:42.710root 11241100x80000000000000006861758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca367d2ea9cb7732022-01-05 09:20:42.710root 11241100x80000000000000006861759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0986bd273b003e072022-01-05 09:20:42.710root 11241100x80000000000000006861760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334c8a438c895ac52022-01-05 09:20:42.710root 11241100x80000000000000006861761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40469290bca45eb82022-01-05 09:20:42.710root 11241100x80000000000000006861762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e441ddd29109ebbc2022-01-05 09:20:42.710root 11241100x80000000000000006861763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927e52e0878b3acb2022-01-05 09:20:42.710root 11241100x80000000000000006861764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5916ed525c3a9ef92022-01-05 09:20:42.710root 11241100x80000000000000006861765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84059b15b15f36e42022-01-05 09:20:42.710root 11241100x80000000000000006861766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93954425f97ab3222022-01-05 09:20:42.710root 11241100x80000000000000006861767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cd6bf2308b123d2022-01-05 09:20:42.710root 11241100x80000000000000006861768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1caab6447399447a2022-01-05 09:20:42.710root 11241100x80000000000000006861769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4655de809e7af10d2022-01-05 09:20:43.209root 11241100x80000000000000006861770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292fabb1a9178a832022-01-05 09:20:43.210root 11241100x80000000000000006861771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16f09dd780292ee2022-01-05 09:20:43.210root 11241100x80000000000000006861772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4728ea25d48b386f2022-01-05 09:20:43.210root 11241100x80000000000000006861773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385c94da6d09d9ed2022-01-05 09:20:43.210root 11241100x80000000000000006861774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f934ef9fed5f5f2022-01-05 09:20:43.211root 11241100x80000000000000006861775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf49f5bbea585bc2022-01-05 09:20:43.212root 11241100x80000000000000006861776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b337a8a484ed53052022-01-05 09:20:43.212root 11241100x80000000000000006861777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64591a4f2837928c2022-01-05 09:20:43.212root 11241100x80000000000000006861778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642a0a502d02da3e2022-01-05 09:20:43.212root 11241100x80000000000000006861779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f82ccea693d79c2022-01-05 09:20:43.212root 11241100x80000000000000006861780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b899ec3b8416a3252022-01-05 09:20:43.212root 11241100x80000000000000006861781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82764eff9f71a3b2022-01-05 09:20:43.213root 11241100x80000000000000006861782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f2ce9d40fe7b3d2022-01-05 09:20:43.213root 11241100x80000000000000006861783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11291a947e4b9c372022-01-05 09:20:43.213root 11241100x80000000000000006861784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17c5819b60d97b02022-01-05 09:20:43.710root 11241100x80000000000000006861785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d0ff46a19cb4202022-01-05 09:20:43.710root 11241100x80000000000000006861786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29ea07e241297b22022-01-05 09:20:43.710root 11241100x80000000000000006861787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe80d1dde5932cb2022-01-05 09:20:43.710root 11241100x80000000000000006861788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15dd9c5bcebdd3f2022-01-05 09:20:43.710root 11241100x80000000000000006861789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1697ee552294e14d2022-01-05 09:20:43.710root 11241100x80000000000000006861790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa07135b4ac209e52022-01-05 09:20:43.711root 11241100x80000000000000006861791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150e750b11779b962022-01-05 09:20:43.711root 11241100x80000000000000006861792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9eba572aee66f62022-01-05 09:20:43.711root 11241100x80000000000000006861793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9572f396de38ba2022-01-05 09:20:43.711root 11241100x80000000000000006861794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fb4fdfc3105f482022-01-05 09:20:43.711root 11241100x80000000000000006861795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9729c8b3861e5c892022-01-05 09:20:43.711root 11241100x80000000000000006861796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4f5140994a77052022-01-05 09:20:43.711root 11241100x80000000000000006861797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56005c3498a60f8a2022-01-05 09:20:43.711root 11241100x80000000000000006861798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3777a7863b30d92022-01-05 09:20:43.711root 11241100x80000000000000006861799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508ab2990638ed952022-01-05 09:20:44.210root 11241100x80000000000000006861800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f126f5c0e88a1dd2022-01-05 09:20:44.210root 11241100x80000000000000006861801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9d9d4df4d9b57e2022-01-05 09:20:44.210root 11241100x80000000000000006861802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cd4e2a1fc14d6f2022-01-05 09:20:44.210root 11241100x80000000000000006861803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a774c3eaef778cf72022-01-05 09:20:44.210root 11241100x80000000000000006861804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb345f96dbb5d062022-01-05 09:20:44.210root 11241100x80000000000000006861805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddc539420445d292022-01-05 09:20:44.210root 11241100x80000000000000006861806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226029adaa6b547f2022-01-05 09:20:44.210root 11241100x80000000000000006861807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb9259104e29cac2022-01-05 09:20:44.210root 11241100x80000000000000006861808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809df3b2adf369e12022-01-05 09:20:44.211root 11241100x80000000000000006861809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0964b1ed86e333e2022-01-05 09:20:44.211root 11241100x80000000000000006861810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0b908427d309262022-01-05 09:20:44.211root 11241100x80000000000000006861811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3668a1a4e641e2fc2022-01-05 09:20:44.211root 11241100x80000000000000006861812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2317ce68288343a52022-01-05 09:20:44.211root 11241100x80000000000000006861813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81caaab81e282632022-01-05 09:20:44.211root 11241100x80000000000000006861814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f82b40180a15012022-01-05 09:20:44.709root 11241100x80000000000000006861815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169c217a17771e032022-01-05 09:20:44.709root 11241100x80000000000000006861816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4d742718a47d2a2022-01-05 09:20:44.709root 11241100x80000000000000006861817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8871f0e366f7bfba2022-01-05 09:20:44.709root 11241100x80000000000000006861818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbed9eb5c38a5f22022-01-05 09:20:44.709root 11241100x80000000000000006861819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38d77d538778e062022-01-05 09:20:44.710root 11241100x80000000000000006861820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47a8b16b0b4c6002022-01-05 09:20:44.710root 11241100x80000000000000006861821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68d13cd22c4d5792022-01-05 09:20:44.710root 11241100x80000000000000006861822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f6afbfc582f4be2022-01-05 09:20:44.710root 11241100x80000000000000006861823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12aea7d5c999aa12022-01-05 09:20:44.710root 11241100x80000000000000006861824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc900aaf1aa0b55e2022-01-05 09:20:44.710root 11241100x80000000000000006861825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4388be398510387c2022-01-05 09:20:44.710root 11241100x80000000000000006861826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6bbf877b47e0f3e2022-01-05 09:20:44.710root 11241100x80000000000000006861827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84258ae12257e5ec2022-01-05 09:20:44.710root 11241100x80000000000000006861828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:44.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606d1ec4d2efbe552022-01-05 09:20:44.710root 11241100x80000000000000006861829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62dfeaa99cc5dbd2022-01-05 09:20:45.209root 11241100x80000000000000006861830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d879a71dd953b52022-01-05 09:20:45.210root 11241100x80000000000000006861831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f51a66270fc73862022-01-05 09:20:45.210root 11241100x80000000000000006861832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6a7b067a5944542022-01-05 09:20:45.210root 11241100x80000000000000006861833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a219db30c49520f2022-01-05 09:20:45.210root 11241100x80000000000000006861834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf59a85b30c2ee042022-01-05 09:20:45.210root 11241100x80000000000000006861835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195429a21dc3d0d52022-01-05 09:20:45.210root 11241100x80000000000000006861836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263e630383a7f8412022-01-05 09:20:45.210root 11241100x80000000000000006861837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d6e5a45c708f822022-01-05 09:20:45.210root 11241100x80000000000000006861838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0a3d29b73e396e2022-01-05 09:20:45.210root 11241100x80000000000000006861839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3adf448710ada512022-01-05 09:20:45.210root 11241100x80000000000000006861840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ad22dbfa414c912022-01-05 09:20:45.210root 11241100x80000000000000006861841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1890f63872277322022-01-05 09:20:45.211root 11241100x80000000000000006861842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a1fa37c08683182022-01-05 09:20:45.211root 11241100x80000000000000006861843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3baea15cc04d402022-01-05 09:20:45.211root 11241100x80000000000000006861844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425dfe47334796d82022-01-05 09:20:45.709root 11241100x80000000000000006861845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ccd8029c59d6562022-01-05 09:20:45.709root 11241100x80000000000000006861846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdb9b387941ae5a2022-01-05 09:20:45.710root 11241100x80000000000000006861847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2223406cad57da2022-01-05 09:20:45.710root 11241100x80000000000000006861848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6495078f1ba07ba02022-01-05 09:20:45.710root 11241100x80000000000000006861849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68609fbd4dba8e02022-01-05 09:20:45.710root 11241100x80000000000000006861850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a4542c6638ed132022-01-05 09:20:45.710root 11241100x80000000000000006861851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c94b56e37bfe80e2022-01-05 09:20:45.710root 11241100x80000000000000006861852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ae74003913ef2e2022-01-05 09:20:45.710root 11241100x80000000000000006861853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058dcf43cd712d9e2022-01-05 09:20:45.710root 11241100x80000000000000006861854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41a23d1e457b0562022-01-05 09:20:45.710root 11241100x80000000000000006861855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98867f97fcb539672022-01-05 09:20:45.710root 11241100x80000000000000006861856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23367f7f04d541f12022-01-05 09:20:45.710root 11241100x80000000000000006861857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d56231d1b77fcc32022-01-05 09:20:45.710root 11241100x80000000000000006861858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:45.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66d908996f224d42022-01-05 09:20:45.710root 354300x80000000000000006861859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.155{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40706-false10.0.1.12-8000- 11241100x80000000000000006861860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330bb79541848b982022-01-05 09:20:46.156root 11241100x80000000000000006861861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da7bec944da33872022-01-05 09:20:46.156root 11241100x80000000000000006861862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca27517ddd1579b82022-01-05 09:20:46.156root 11241100x80000000000000006861863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addb386aa296ec6d2022-01-05 09:20:46.156root 11241100x80000000000000006861864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.156{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635ffafff9943f2b2022-01-05 09:20:46.156root 11241100x80000000000000006861865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4f0b0227509eff2022-01-05 09:20:46.157root 11241100x80000000000000006861866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0adac7aeffcaba2022-01-05 09:20:46.157root 11241100x80000000000000006861867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.157{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f273805c09ace112022-01-05 09:20:46.157root 11241100x80000000000000006861868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d55def37bd46662022-01-05 09:20:46.158root 11241100x80000000000000006861869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6021b647d572532022-01-05 09:20:46.158root 11241100x80000000000000006861870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.158{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df5aedb5a237fdd2022-01-05 09:20:46.158root 11241100x80000000000000006861871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.159{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5298cced122aeb182022-01-05 09:20:46.159root 11241100x80000000000000006861872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a8284def1852562022-01-05 09:20:46.160root 11241100x80000000000000006861873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.160{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0326718ce70e6b92022-01-05 09:20:46.160root 11241100x80000000000000006861874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.161{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47a61dcadee252c2022-01-05 09:20:46.161root 11241100x80000000000000006861875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6a3ee37747adb22022-01-05 09:20:46.162root 11241100x80000000000000006861876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126125801287e8a62022-01-05 09:20:46.162root 11241100x80000000000000006861877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977fe73b0c7559b12022-01-05 09:20:46.162root 11241100x80000000000000006861878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.162{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f281c8d1f900fe2022-01-05 09:20:46.162root 11241100x80000000000000006861879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.163{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a86c6e1f88a1ed2022-01-05 09:20:46.163root 11241100x80000000000000006861880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.163{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d584d12ad29bc22022-01-05 09:20:46.163root 11241100x80000000000000006861881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084455020a4fcf9e2022-01-05 09:20:46.459root 11241100x80000000000000006861882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3824f330cde32c2022-01-05 09:20:46.459root 11241100x80000000000000006861883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578a07d4930cd5a92022-01-05 09:20:46.459root 11241100x80000000000000006861884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1530cd5c4e93742b2022-01-05 09:20:46.459root 11241100x80000000000000006861885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724d5a0481ef71752022-01-05 09:20:46.459root 11241100x80000000000000006861886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887d79d53d4319832022-01-05 09:20:46.459root 11241100x80000000000000006861887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5563e9e75cf2182022-01-05 09:20:46.459root 11241100x80000000000000006861888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05856130eb72d742022-01-05 09:20:46.459root 11241100x80000000000000006861889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c6b2a31faa718cf2022-01-05 09:20:46.459root 11241100x80000000000000006861890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a8b38e206fc6872022-01-05 09:20:46.460root 11241100x80000000000000006861891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35507de76852ad62022-01-05 09:20:46.460root 11241100x80000000000000006861892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aca97c9ef896dee2022-01-05 09:20:46.460root 11241100x80000000000000006861893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdf9a1a18a64c492022-01-05 09:20:46.460root 11241100x80000000000000006861894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ec87683842c4902022-01-05 09:20:46.460root 11241100x80000000000000006861895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cab40f6a9784fe92022-01-05 09:20:46.460root 11241100x80000000000000006861896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba27b279d8c9bc82022-01-05 09:20:46.460root 11241100x80000000000000006861897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a9eb455257ed8a2022-01-05 09:20:46.959root 11241100x80000000000000006861898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a3c6181c54144e2022-01-05 09:20:46.959root 11241100x80000000000000006861899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6548d21af04ea42022-01-05 09:20:46.960root 11241100x80000000000000006861900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0094471359377202022-01-05 09:20:46.960root 11241100x80000000000000006861901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ff3e8e4cdf0ab62022-01-05 09:20:46.960root 11241100x80000000000000006861902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9421628af0bddfcc2022-01-05 09:20:46.960root 11241100x80000000000000006861903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d50a8ea9a29e8bc2022-01-05 09:20:46.960root 11241100x80000000000000006861904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65138b5eaf8ae6142022-01-05 09:20:46.960root 11241100x80000000000000006861905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e878a96bf3dcfd2022-01-05 09:20:46.960root 11241100x80000000000000006861906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0692a8d4e8802ac82022-01-05 09:20:46.960root 11241100x80000000000000006861907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ef2c5159926cb42022-01-05 09:20:46.960root 11241100x80000000000000006861908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e0f9b694b81db52022-01-05 09:20:46.960root 11241100x80000000000000006861909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca68a8e851a08f72022-01-05 09:20:46.960root 11241100x80000000000000006861910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6db950b892b4fe2022-01-05 09:20:46.960root 11241100x80000000000000006861911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541d6da05db626c42022-01-05 09:20:46.960root 11241100x80000000000000006861912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110fc50504e1f4752022-01-05 09:20:46.960root 154100x80000000000000006861913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.205{ec2e79f3-62ef-61d5-08be-f31fd7550000}22924/usr/bin/sudo-----sudo touch /etc/doas.conf/home/ubuntu/doasubuntu{ec2e79f3-5fe4-61d5-e803-000000000000}100058no level-{ec2e79f3-5fe4-61d5-08b4-fae256550000}17361/bin/bash-bashubuntu 354300x80000000000000006861914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.210{ec2e79f3-62ef-61d5-08be-f31fd7550000}22924/usr/bin/sudoubuntuudptruefalse127.0.0.1-49569-false127.0.0.53-53- 354300x80000000000000006861915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.210{ec2e79f3-af56-61d2-c087-a6df37560000}2473/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-34064-false10.0.0.2-53- 354300x80000000000000006861916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.210{ec2e79f3-af56-61d2-c087-a6df37560000}2473/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-54696-false10.0.0.2-53- 11241100x80000000000000006861917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f903d4a4ae66b7122022-01-05 09:20:47.211root 354300x80000000000000006861918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.212{ec2e79f3-af56-61d2-c087-a6df37560000}2473/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-49569- 354300x80000000000000006861919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.212{ec2e79f3-62ef-61d5-08be-f31fd7550000}22924/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-49569- 11241100x80000000000000006861920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8facb300df4db42b2022-01-05 09:20:47.213root 11241100x80000000000000006861921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11656c25fd833c662022-01-05 09:20:47.213root 11241100x80000000000000006861922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45716a720564b482022-01-05 09:20:47.213root 11241100x80000000000000006861923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50c6f2b7d1962702022-01-05 09:20:47.213root 11241100x80000000000000006861924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff791f68a0ff267c2022-01-05 09:20:47.213root 11241100x80000000000000006861925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a83f7f676ba33622022-01-05 09:20:47.213root 11241100x80000000000000006861926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5bfda6586be15c2022-01-05 09:20:47.214root 11241100x80000000000000006861927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae207669d86cbbbe2022-01-05 09:20:47.214root 11241100x80000000000000006861928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45e03c7ea3e3ba82022-01-05 09:20:47.214root 11241100x80000000000000006861929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8157c473eaa06e002022-01-05 09:20:47.214root 11241100x80000000000000006861930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db809548c2fb25b62022-01-05 09:20:47.214root 11241100x80000000000000006861931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d3d10a5fef80c22022-01-05 09:20:47.214root 11241100x80000000000000006861932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c78b1ab157fd882022-01-05 09:20:47.214root 11241100x80000000000000006861933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a629d9a75edc27d42022-01-05 09:20:47.214root 11241100x80000000000000006861934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad38b1ecee1aafb2022-01-05 09:20:47.214root 11241100x80000000000000006861935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf93e334c4f0d432022-01-05 09:20:47.214root 11241100x80000000000000006861936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71506a65823a04502022-01-05 09:20:47.215root 11241100x80000000000000006861937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df275eae8eb93012022-01-05 09:20:47.215root 11241100x80000000000000006861938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a6de226d0f2b302022-01-05 09:20:47.215root 11241100x80000000000000006861939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4dd36dfb2687db2022-01-05 09:20:47.215root 354300x80000000000000006861940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.221{ec2e79f3-62ef-61d5-08be-f31fd7550000}22924/usr/bin/sudoubuntuudptruefalse127.0.0.1-50284-false127.0.0.53-53- 354300x80000000000000006861941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.222{ec2e79f3-af56-61d2-c087-a6df37560000}2473/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-50284- 154100x80000000000000006861942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.226{ec2e79f3-62ef-61d5-10f0-d90192550000}22925/bin/touch-----touch /etc/doas.conf/home/ubuntu/doasroot{ec2e79f3-0000-0000-0000-000000000000}058no level-{ec2e79f3-62ef-61d5-08be-f31fd7550000}22924/usr/bin/sudosudoubuntu 11241100x80000000000000006861943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.227{ec2e79f3-62ef-61d5-10f0-d90192550000}22925/bin/touch/etc/doas.conf2022-01-05 09:20:47.227root 534500x80000000000000006861944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.227{ec2e79f3-62ef-61d5-10f0-d90192550000}22925/bin/touchroot 534500x80000000000000006861945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.227{ec2e79f3-62ef-61d5-08be-f31fd7550000}22924/usr/bin/sudoroot 11241100x80000000000000006861946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed745c2f8b724a92022-01-05 09:20:47.709root 11241100x80000000000000006861947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ad5c5d653ebc822022-01-05 09:20:47.709root 11241100x80000000000000006861948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79205f22fd500bd2022-01-05 09:20:47.709root 11241100x80000000000000006861949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b0da2a92a547ad2022-01-05 09:20:47.710root 11241100x80000000000000006861950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb27be5cdc5a2052022-01-05 09:20:47.710root 11241100x80000000000000006861951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6c8bb162324b872022-01-05 09:20:47.710root 11241100x80000000000000006861952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9080a19764a527992022-01-05 09:20:47.710root 11241100x80000000000000006861953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc6feb2c45da6ef2022-01-05 09:20:47.710root 11241100x80000000000000006861954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0570e1ba2248882022-01-05 09:20:47.710root 11241100x80000000000000006861955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e326104e76df4ade2022-01-05 09:20:47.710root 11241100x80000000000000006861956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c93a36b1c0f449d2022-01-05 09:20:47.710root 11241100x80000000000000006861957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5447ab149d43f74d2022-01-05 09:20:47.710root 11241100x80000000000000006861958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595098fce308eaaa2022-01-05 09:20:47.710root 11241100x80000000000000006861959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b79ea5a60fc78d12022-01-05 09:20:47.710root 11241100x80000000000000006861960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c014b263fceebc8f2022-01-05 09:20:47.710root 11241100x80000000000000006861961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bae84913d803f2b2022-01-05 09:20:47.710root 11241100x80000000000000006861962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4477bd9ad9334b842022-01-05 09:20:47.710root 11241100x80000000000000006861963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225e80f769d841502022-01-05 09:20:47.710root 11241100x80000000000000006861964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0311897caff10422022-01-05 09:20:47.711root 11241100x80000000000000006861965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88374286828639ba2022-01-05 09:20:47.711root 11241100x80000000000000006861966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cab9680a0d19442022-01-05 09:20:47.711root 11241100x80000000000000006861967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c41e7aa3236df62022-01-05 09:20:47.711root 11241100x80000000000000006861968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3713422955be3482022-01-05 09:20:47.711root 11241100x80000000000000006861969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afef82e37aeb8aef2022-01-05 09:20:47.711root 11241100x80000000000000006861970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b4e0e5a0e0e75d2022-01-05 09:20:47.711root 11241100x80000000000000006861971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44922b325fd9a59c2022-01-05 09:20:47.711root 11241100x80000000000000006861972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1dbcd8aaf7eb3432022-01-05 09:20:47.711root 11241100x80000000000000006861973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81183054a2ad4df42022-01-05 09:20:47.711root 11241100x80000000000000006861974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13793c0612b2f88f2022-01-05 09:20:47.712root 11241100x80000000000000006861975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736e3290366397bd2022-01-05 09:20:47.712root 11241100x80000000000000006861976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61ba924d00499e02022-01-05 09:20:47.712root 11241100x80000000000000006861977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b5907d8309554c2022-01-05 09:20:47.712root 11241100x80000000000000006861978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c9680881f47dbd2022-01-05 09:20:47.712root 11241100x80000000000000006861979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02025874948ee08c2022-01-05 09:20:47.712root 11241100x80000000000000006861980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36913aca265222cd2022-01-05 09:20:47.713root 11241100x80000000000000006861981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6250bbe7cb712b152022-01-05 09:20:47.713root 11241100x80000000000000006861982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7b797acdfb31fa2022-01-05 09:20:47.713root 11241100x80000000000000006861983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4029e6f70a0d71dd2022-01-05 09:20:47.713root 11241100x80000000000000006861984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6802ce76e694ed42022-01-05 09:20:47.713root 11241100x80000000000000006861985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a716d83f00f5e4f2022-01-05 09:20:47.713root 11241100x80000000000000006861986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71c54b3b5591aee2022-01-05 09:20:47.714root 11241100x80000000000000006861987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f608c62ffb37c72022-01-05 09:20:47.714root 11241100x80000000000000006861988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c0b673fc4f1f7a2022-01-05 09:20:47.714root 11241100x80000000000000006861989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4af640788e5b1482022-01-05 09:20:47.714root 11241100x80000000000000006861990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d87b9fb7222ec92022-01-05 09:20:47.714root 11241100x80000000000000006861991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69952905176a33d2022-01-05 09:20:47.714root 11241100x80000000000000006861992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ca807600fc558c2022-01-05 09:20:47.715root 11241100x80000000000000006861993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b759ab42f4b011b02022-01-05 09:20:47.715root 11241100x80000000000000006861994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e87f28b239ef002022-01-05 09:20:47.715root 11241100x80000000000000006861995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aed8ff8b1333e222022-01-05 09:20:47.715root 11241100x80000000000000006861996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b3880d9ac2739a2022-01-05 09:20:47.715root 11241100x80000000000000006861997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252395a14ebfa8752022-01-05 09:20:47.716root 11241100x80000000000000006861998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bb96668a28474d2022-01-05 09:20:47.716root 11241100x80000000000000006861999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1498b78600c628bc2022-01-05 09:20:47.716root 11241100x80000000000000006862000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afc368f5cb2559d2022-01-05 09:20:47.716root 11241100x80000000000000006862001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b6be9531fc12732022-01-05 09:20:47.716root 11241100x80000000000000006862002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3234eb8de97cc8ce2022-01-05 09:20:47.717root 11241100x80000000000000006862003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268de6f268f16cdd2022-01-05 09:20:47.717root 11241100x80000000000000006862004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22efaa4e64e7b95f2022-01-05 09:20:47.717root 11241100x80000000000000006862005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:47.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefe22790f3afd052022-01-05 09:20:47.717root 11241100x80000000000000006862006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c922fb15a8708da02022-01-05 09:20:48.209root 11241100x80000000000000006862007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5ae12a072cfbe92022-01-05 09:20:48.209root 11241100x80000000000000006862008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0237261d056827312022-01-05 09:20:48.210root 11241100x80000000000000006862009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf1fcd70d4226e92022-01-05 09:20:48.210root 11241100x80000000000000006862010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52946707e22d89d02022-01-05 09:20:48.210root 11241100x80000000000000006862011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ceadca3e93a3102022-01-05 09:20:48.210root 11241100x80000000000000006862012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b50d7136df8466a2022-01-05 09:20:48.210root 11241100x80000000000000006862013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d484af66528aeeea2022-01-05 09:20:48.211root 11241100x80000000000000006862014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30d449ce9f63e3b2022-01-05 09:20:48.211root 11241100x80000000000000006862015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42659a8f29bf9ae2022-01-05 09:20:48.211root 11241100x80000000000000006862016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952f451d921d14be2022-01-05 09:20:48.212root 11241100x80000000000000006862017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8404fb2481a7d4e22022-01-05 09:20:48.212root 11241100x80000000000000006862018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d4e4e944fa09702022-01-05 09:20:48.212root 11241100x80000000000000006862019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e236feba7b5c977e2022-01-05 09:20:48.212root 11241100x80000000000000006862020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad81de3a3a9315e12022-01-05 09:20:48.213root 11241100x80000000000000006862021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d704eb0ba2e7ee822022-01-05 09:20:48.213root 11241100x80000000000000006862022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525df7249fefb4182022-01-05 09:20:48.213root 11241100x80000000000000006862023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0547bb8ba975762a2022-01-05 09:20:48.214root 11241100x80000000000000006862024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c67ffca9f19072b2022-01-05 09:20:48.214root 11241100x80000000000000006862025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf8b97b530325cf2022-01-05 09:20:48.214root 11241100x80000000000000006862026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2d4fa078845a082022-01-05 09:20:48.214root 11241100x80000000000000006862027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fe0b1d8ab72b472022-01-05 09:20:48.215root 11241100x80000000000000006862028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f05f6fa5d5560802022-01-05 09:20:48.215root 11241100x80000000000000006862029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d75caae613242702022-01-05 09:20:48.215root 11241100x80000000000000006862030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd72c87902b02d22022-01-05 09:20:48.216root 11241100x80000000000000006862031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1a95c35979f7972022-01-05 09:20:48.216root 11241100x80000000000000006862032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abe4effddd57b872022-01-05 09:20:48.216root 11241100x80000000000000006862033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4de175db3dbf9052022-01-05 09:20:48.216root 11241100x80000000000000006862034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c68722c9528b612022-01-05 09:20:48.217root 11241100x80000000000000006862035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27eea71435f48092022-01-05 09:20:48.217root 11241100x80000000000000006862036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daaf2bdb7e6bfa972022-01-05 09:20:48.217root 11241100x80000000000000006862037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5346f51dfeb048922022-01-05 09:20:48.217root 11241100x80000000000000006862038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7742d74f438fc3912022-01-05 09:20:48.218root 11241100x80000000000000006862039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b231eb93b018772022-01-05 09:20:48.709root 11241100x80000000000000006862040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b2356de9ddfc332022-01-05 09:20:48.709root 11241100x80000000000000006862041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2959066edceed42022-01-05 09:20:48.710root 11241100x80000000000000006862042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e53b8e9244ee552022-01-05 09:20:48.710root 11241100x80000000000000006862043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94eb9d1bfb398f602022-01-05 09:20:48.710root 11241100x80000000000000006862044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f7c1c437743f112022-01-05 09:20:48.710root 11241100x80000000000000006862045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971438afcc5e17e02022-01-05 09:20:48.710root 11241100x80000000000000006862046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17985cb156f2a002022-01-05 09:20:48.711root 11241100x80000000000000006862047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b303d399ecea11232022-01-05 09:20:48.711root 11241100x80000000000000006862048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9071e303b0054e762022-01-05 09:20:48.711root 11241100x80000000000000006862049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fd55510e7e9b642022-01-05 09:20:48.711root 11241100x80000000000000006862050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c956cbd41952ef2022-01-05 09:20:48.711root 11241100x80000000000000006862051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea68e6caf6cb3732022-01-05 09:20:48.711root 11241100x80000000000000006862052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb594013450bc242022-01-05 09:20:48.711root 11241100x80000000000000006862053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f352b077ac8924e2022-01-05 09:20:48.712root 11241100x80000000000000006862054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763d70a69843348d2022-01-05 09:20:48.712root 11241100x80000000000000006862055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230060ee779149402022-01-05 09:20:48.712root 11241100x80000000000000006862056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177d65065f7e95f92022-01-05 09:20:48.712root 11241100x80000000000000006862057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151dd5475b0ba8dc2022-01-05 09:20:48.712root 11241100x80000000000000006862058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da590237e20637ce2022-01-05 09:20:48.712root 11241100x80000000000000006862059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cad3f1b566df98c2022-01-05 09:20:48.713root 11241100x80000000000000006862060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46c2f997defe9752022-01-05 09:20:48.713root 11241100x80000000000000006862061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09d25208ae383862022-01-05 09:20:48.713root 11241100x80000000000000006862062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feeb2a0cbfda0bab2022-01-05 09:20:48.713root 11241100x80000000000000006862063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a8f9adda9caffd2022-01-05 09:20:48.713root 11241100x80000000000000006862064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8482973ed8051ef92022-01-05 09:20:48.713root 11241100x80000000000000006862065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4632f8296fccf3772022-01-05 09:20:48.713root 11241100x80000000000000006862066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c6037c2ec588de2022-01-05 09:20:48.714root 11241100x80000000000000006862067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926ea3abf11dcbb82022-01-05 09:20:48.714root 11241100x80000000000000006862068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83945bf41cefc9682022-01-05 09:20:48.714root 11241100x80000000000000006862069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71af037285b963022022-01-05 09:20:48.714root 11241100x80000000000000006862070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553a12649526cc972022-01-05 09:20:48.714root 11241100x80000000000000006862071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88515bf19b75d2902022-01-05 09:20:49.209root 11241100x80000000000000006862072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f23f8e05f22b4a72022-01-05 09:20:49.210root 11241100x80000000000000006862073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c094c645c872cdd92022-01-05 09:20:49.210root 11241100x80000000000000006862074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7aac4e868fbbe602022-01-05 09:20:49.210root 11241100x80000000000000006862075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b268ca64003334232022-01-05 09:20:49.210root 11241100x80000000000000006862076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf722dde833f53722022-01-05 09:20:49.210root 11241100x80000000000000006862077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc56896ee7f04792022-01-05 09:20:49.210root 11241100x80000000000000006862078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ef088a16b440d42022-01-05 09:20:49.210root 11241100x80000000000000006862079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c4f488cbbb364c2022-01-05 09:20:49.210root 11241100x80000000000000006862080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445541c303f9b1c72022-01-05 09:20:49.211root 11241100x80000000000000006862081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576ae32032df72fd2022-01-05 09:20:49.211root 11241100x80000000000000006862082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de77825b30341c662022-01-05 09:20:49.211root 11241100x80000000000000006862083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfcf0b23375b7bd2022-01-05 09:20:49.211root 11241100x80000000000000006862084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f737268ea6022a82022-01-05 09:20:49.211root 11241100x80000000000000006862085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a17e93a8bee3a4e2022-01-05 09:20:49.211root 11241100x80000000000000006862086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9eab082024e7682022-01-05 09:20:49.211root 11241100x80000000000000006862087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9778274bab3054472022-01-05 09:20:49.211root 11241100x80000000000000006862088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b27ddcb3b9222c2022-01-05 09:20:49.211root 11241100x80000000000000006862089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6721fe69e95ca8f42022-01-05 09:20:49.211root 11241100x80000000000000006862090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dc8597e25b54442022-01-05 09:20:49.211root 11241100x80000000000000006862091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94047d3c442673f52022-01-05 09:20:49.211root 11241100x80000000000000006862092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62414d5a5541435d2022-01-05 09:20:49.212root 11241100x80000000000000006862093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05325e1de69e87572022-01-05 09:20:49.212root 11241100x80000000000000006862094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b006d25e8a5611892022-01-05 09:20:49.212root 11241100x80000000000000006862095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73523a48ffa4f77c2022-01-05 09:20:49.212root 11241100x80000000000000006862096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a859affea8a0cc2022-01-05 09:20:49.212root 11241100x80000000000000006862097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c309a1dbdbe3322022-01-05 09:20:49.212root 11241100x80000000000000006862098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db921babffad4032022-01-05 09:20:49.213root 11241100x80000000000000006862099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26c1b0f0e410e952022-01-05 09:20:49.213root 11241100x80000000000000006862100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f355a90e55ad2fd2022-01-05 09:20:49.709root 11241100x80000000000000006862101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8ee7c3a4ca1b5e2022-01-05 09:20:49.709root 11241100x80000000000000006862102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642a95eb2b4290e22022-01-05 09:20:49.709root 11241100x80000000000000006862103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a835c15b7ebf4fd92022-01-05 09:20:49.709root 11241100x80000000000000006862104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788e0fa8a179333b2022-01-05 09:20:49.709root 11241100x80000000000000006862105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92fc8657bdd70522022-01-05 09:20:49.709root 11241100x80000000000000006862106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693b58a947c1f1812022-01-05 09:20:49.709root 11241100x80000000000000006862107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6add1bc59b0e0f2022-01-05 09:20:49.709root 11241100x80000000000000006862108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439888b60cad083a2022-01-05 09:20:49.710root 11241100x80000000000000006862109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c8506402691a212022-01-05 09:20:49.710root 11241100x80000000000000006862110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44e9e2e83c961ab2022-01-05 09:20:49.710root 11241100x80000000000000006862111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c93164688ca2a12022-01-05 09:20:49.710root 11241100x80000000000000006862112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc639e66daf127d92022-01-05 09:20:49.711root 11241100x80000000000000006862113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00459f5e55edd28b2022-01-05 09:20:49.711root 11241100x80000000000000006862114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62e83dae583b2e22022-01-05 09:20:49.711root 11241100x80000000000000006862115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abac0d8232ea77272022-01-05 09:20:49.711root 11241100x80000000000000006862116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f20c3e1cf38e032022-01-05 09:20:49.711root 11241100x80000000000000006862117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fd91bf7438562a2022-01-05 09:20:49.711root 11241100x80000000000000006862118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d660255bf293a2a2022-01-05 09:20:49.711root 11241100x80000000000000006862119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93645696503e47452022-01-05 09:20:49.712root 11241100x80000000000000006862120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2c9e2e9250e5d52022-01-05 09:20:49.712root 11241100x80000000000000006862121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60ea9862dc96bd92022-01-05 09:20:49.712root 11241100x80000000000000006862122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24ab4eac32abfea2022-01-05 09:20:49.712root 11241100x80000000000000006862123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae1f902d64f75052022-01-05 09:20:49.712root 11241100x80000000000000006862124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982d3e69ffcd55de2022-01-05 09:20:49.712root 11241100x80000000000000006862125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8375c87837c59e4f2022-01-05 09:20:49.713root 11241100x80000000000000006862126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b698b299f7ff9b72022-01-05 09:20:49.714root 11241100x80000000000000006862127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0013e153a432ead02022-01-05 09:20:49.714root 11241100x80000000000000006862128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0853012f513b0fa52022-01-05 09:20:49.715root 11241100x80000000000000006862129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9c052b66f0ee372022-01-05 09:20:49.715root 11241100x80000000000000006862130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a786073dd0b5d25b2022-01-05 09:20:49.715root 11241100x80000000000000006862131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489b2ab6faf6902d2022-01-05 09:20:49.716root 11241100x80000000000000006862132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dea00a4f9e9e3512022-01-05 09:20:49.716root 11241100x80000000000000006862133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c29c88b1b906862022-01-05 09:20:49.717root 11241100x80000000000000006862134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d9896c3646d54e2022-01-05 09:20:49.717root 11241100x80000000000000006862135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fcbef6c8914e7f02022-01-05 09:20:49.718root 11241100x80000000000000006862136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:49.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43273809843818a92022-01-05 09:20:49.718root 11241100x80000000000000006862137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faacb1cd19e0c5e42022-01-05 09:20:50.209root 11241100x80000000000000006862138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b04fba54d269792022-01-05 09:20:50.209root 11241100x80000000000000006862139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bf0a20875535dd2022-01-05 09:20:50.209root 11241100x80000000000000006862140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0456fdbb092b0062022-01-05 09:20:50.209root 11241100x80000000000000006862141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c63938dd5081b892022-01-05 09:20:50.209root 11241100x80000000000000006862142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53af1d3da34b14eb2022-01-05 09:20:50.209root 11241100x80000000000000006862143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3314fad6d7e1f0752022-01-05 09:20:50.209root 11241100x80000000000000006862144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6f580e969f06512022-01-05 09:20:50.210root 11241100x80000000000000006862145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c606bbd3c1ae33dd2022-01-05 09:20:50.210root 11241100x80000000000000006862146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1e0e05cfd237362022-01-05 09:20:50.210root 11241100x80000000000000006862147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccd9d19d3783e072022-01-05 09:20:50.210root 11241100x80000000000000006862148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1802f5a3e6b9c92022-01-05 09:20:50.210root 11241100x80000000000000006862149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b816cf84b0c0ee2022-01-05 09:20:50.210root 11241100x80000000000000006862150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186e51f96406b5d92022-01-05 09:20:50.210root 11241100x80000000000000006862151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f410e17e06ecf4962022-01-05 09:20:50.210root 11241100x80000000000000006862152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e1d226f3af4f162022-01-05 09:20:50.210root 11241100x80000000000000006862153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b580d4ece4ce36a2022-01-05 09:20:50.211root 11241100x80000000000000006862154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294d51b4945ed5052022-01-05 09:20:50.211root 11241100x80000000000000006862155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd632e5566941bf2022-01-05 09:20:50.211root 11241100x80000000000000006862156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dec2549f4958a1a2022-01-05 09:20:50.211root 11241100x80000000000000006862157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9317b903251d6b2022-01-05 09:20:50.211root 11241100x80000000000000006862158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7b22fa8232cc6d2022-01-05 09:20:50.211root 11241100x80000000000000006862159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be1910e23e250382022-01-05 09:20:50.211root 11241100x80000000000000006862160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51f6b3230778b632022-01-05 09:20:50.212root 11241100x80000000000000006862161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1ab544296832482022-01-05 09:20:50.212root 11241100x80000000000000006862162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd011d6428d6cd7e2022-01-05 09:20:50.212root 11241100x80000000000000006862163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5313dd49fe59952022-01-05 09:20:50.212root 11241100x80000000000000006862164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640d7fb183190e842022-01-05 09:20:50.212root 11241100x80000000000000006862165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecf6e904049e0692022-01-05 09:20:50.212root 11241100x80000000000000006862166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6240c5f5daba6c922022-01-05 09:20:50.213root 11241100x80000000000000006862167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02edeb875b2e0502022-01-05 09:20:50.213root 11241100x80000000000000006862168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d80d31dd72d94c2022-01-05 09:20:50.709root 11241100x80000000000000006862169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c973d4bb9a9126552022-01-05 09:20:50.710root 11241100x80000000000000006862170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eee33d2750e57112022-01-05 09:20:50.710root 11241100x80000000000000006862171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e983d7889380782022-01-05 09:20:50.710root 11241100x80000000000000006862172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6ce15be83d21c92022-01-05 09:20:50.711root 11241100x80000000000000006862173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaee6fc9d1c240f2022-01-05 09:20:50.711root 11241100x80000000000000006862174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10f65169dea86362022-01-05 09:20:50.711root 11241100x80000000000000006862175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb53ca68f1ad2a152022-01-05 09:20:50.711root 11241100x80000000000000006862176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86824c74b610addf2022-01-05 09:20:50.711root 11241100x80000000000000006862177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6985161485e921ca2022-01-05 09:20:50.711root 11241100x80000000000000006862178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39a1591b81f54952022-01-05 09:20:50.712root 11241100x80000000000000006862179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a65ec37b04dae0d2022-01-05 09:20:50.712root 11241100x80000000000000006862180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48470e79d268b1122022-01-05 09:20:50.712root 11241100x80000000000000006862181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b21051ff7eb5b82022-01-05 09:20:50.712root 11241100x80000000000000006862182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7f1baca80f58df2022-01-05 09:20:50.712root 11241100x80000000000000006862183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432a69309e0be23e2022-01-05 09:20:50.712root 11241100x80000000000000006862184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c94ea77f0a6ab92022-01-05 09:20:50.713root 11241100x80000000000000006862185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371b51081a6000eb2022-01-05 09:20:50.713root 11241100x80000000000000006862186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d483c759c4140e4c2022-01-05 09:20:50.713root 11241100x80000000000000006862187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45953f9ebe2cce0b2022-01-05 09:20:50.713root 11241100x80000000000000006862188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833c8747a0cb102a2022-01-05 09:20:50.713root 11241100x80000000000000006862189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f26cd10826a0cb2022-01-05 09:20:50.713root 11241100x80000000000000006862190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4a0ff9e814307a2022-01-05 09:20:50.713root 11241100x80000000000000006862191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ae8b6b2e2c76f22022-01-05 09:20:50.714root 11241100x80000000000000006862192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908a54d32089e6cf2022-01-05 09:20:50.714root 11241100x80000000000000006862193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cc261bb3c980c22022-01-05 09:20:50.716root 11241100x80000000000000006862194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87928b8e7d415f852022-01-05 09:20:50.716root 11241100x80000000000000006862195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:50.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b04881cb6ff10172022-01-05 09:20:50.716root 11241100x80000000000000006862196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c6dc0c0a7374c92022-01-05 09:20:51.210root 11241100x80000000000000006862197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e79f79e056cb5162022-01-05 09:20:51.210root 11241100x80000000000000006862198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322f0ed2cc2f6dbe2022-01-05 09:20:51.210root 11241100x80000000000000006862199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb11d183cb4381f2022-01-05 09:20:51.210root 11241100x80000000000000006862200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175a9223c96d4ad62022-01-05 09:20:51.210root 11241100x80000000000000006862201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1214238beddcf6902022-01-05 09:20:51.210root 11241100x80000000000000006862202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86991807453d97cd2022-01-05 09:20:51.210root 11241100x80000000000000006862203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fb776a8e0e71a02022-01-05 09:20:51.210root 11241100x80000000000000006862204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6eef098595bdc42022-01-05 09:20:51.210root 11241100x80000000000000006862205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9b9553e08260642022-01-05 09:20:51.210root 11241100x80000000000000006862206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7b99f53ace39d12022-01-05 09:20:51.210root 11241100x80000000000000006862207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a572db789c9ca5712022-01-05 09:20:51.210root 11241100x80000000000000006862208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6aa2caf3ec8e1632022-01-05 09:20:51.211root 11241100x80000000000000006862209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188463abe0965fd82022-01-05 09:20:51.211root 11241100x80000000000000006862210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131a35c6d98a19d72022-01-05 09:20:51.211root 11241100x80000000000000006862211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b47a5eafd009e72022-01-05 09:20:51.211root 11241100x80000000000000006862212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71d2a1b3ca7e4e72022-01-05 09:20:51.211root 11241100x80000000000000006862213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa79404317493cf2022-01-05 09:20:51.211root 11241100x80000000000000006862214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12cffe25bf818932022-01-05 09:20:51.211root 11241100x80000000000000006862215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77740d22757af0002022-01-05 09:20:51.211root 11241100x80000000000000006862216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04853b18ec2992c72022-01-05 09:20:51.211root 11241100x80000000000000006862217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3878f294122563c92022-01-05 09:20:51.211root 11241100x80000000000000006862218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b8011a52ae13392022-01-05 09:20:51.211root 11241100x80000000000000006862219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73871dfb143c94432022-01-05 09:20:51.211root 11241100x80000000000000006862220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc324104299ccc242022-01-05 09:20:51.211root 11241100x80000000000000006862221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1624a64fd8dfbdf2022-01-05 09:20:51.211root 11241100x80000000000000006862222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059ba7c86fe5f2312022-01-05 09:20:51.211root 11241100x80000000000000006862223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905bd2eae4d3e8402022-01-05 09:20:51.212root 11241100x80000000000000006862224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4331f76acb99df2022-01-05 09:20:51.709root 11241100x80000000000000006862225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc7f93281c31a942022-01-05 09:20:51.709root 11241100x80000000000000006862226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fdae37b97b857102022-01-05 09:20:51.709root 11241100x80000000000000006862227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e5e59be4a561d52022-01-05 09:20:51.709root 11241100x80000000000000006862228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624239b240d152f82022-01-05 09:20:51.709root 11241100x80000000000000006862229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962fe55fee3429f02022-01-05 09:20:51.710root 11241100x80000000000000006862230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3915159bdeefb4622022-01-05 09:20:51.710root 11241100x80000000000000006862231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5c7b2a06bce3f62022-01-05 09:20:51.710root 11241100x80000000000000006862232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c993fe186b28402022-01-05 09:20:51.711root 11241100x80000000000000006862233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326fa34cb0a375062022-01-05 09:20:51.711root 11241100x80000000000000006862234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24eaaf937d7aa0b2022-01-05 09:20:51.711root 11241100x80000000000000006862235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2712fb33080f7632022-01-05 09:20:51.712root 11241100x80000000000000006862236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fda1ffca0bbe7852022-01-05 09:20:51.712root 11241100x80000000000000006862237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b55366283aac51b2022-01-05 09:20:51.712root 11241100x80000000000000006862238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eeda9004112fedf2022-01-05 09:20:51.712root 11241100x80000000000000006862239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3b89ec177abc652022-01-05 09:20:51.713root 11241100x80000000000000006862240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edf79a6fe90b6b92022-01-05 09:20:51.713root 11241100x80000000000000006862241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf84d660847d27b2022-01-05 09:20:51.713root 11241100x80000000000000006862242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a9262b9562a0842022-01-05 09:20:51.713root 11241100x80000000000000006862243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c606e9a1c5336262022-01-05 09:20:51.713root 11241100x80000000000000006862244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b699645795fea1d22022-01-05 09:20:51.713root 11241100x80000000000000006862245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4593753fc7796e8a2022-01-05 09:20:51.713root 11241100x80000000000000006862246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c26dd7ee47199d2022-01-05 09:20:51.713root 11241100x80000000000000006862247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7f8aa97890098b2022-01-05 09:20:51.713root 11241100x80000000000000006862248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1656073db74773c12022-01-05 09:20:51.713root 11241100x80000000000000006862249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb68ef66b7b9b792022-01-05 09:20:51.714root 11241100x80000000000000006862250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6e8336d2b547be2022-01-05 09:20:51.714root 11241100x80000000000000006862251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f31c9a443858aa2022-01-05 09:20:51.714root 11241100x80000000000000006862252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36905e87ee5039e2022-01-05 09:20:51.714root 11241100x80000000000000006862253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f297aad1f7cf7fb62022-01-05 09:20:51.714root 11241100x80000000000000006862254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b42db9796960132022-01-05 09:20:51.714root 11241100x80000000000000006862255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61930dc4c672c782022-01-05 09:20:51.714root 11241100x80000000000000006862256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dba3f1ba055b4a2022-01-05 09:20:51.714root 11241100x80000000000000006862257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f76c623dd6e5d492022-01-05 09:20:51.714root 11241100x80000000000000006862258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:51.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e47fb3a9ea468a52022-01-05 09:20:51.714root 354300x80000000000000006862259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.102{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40708-false10.0.1.12-8000- 11241100x80000000000000006862260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d4e15adbb5ab972022-01-05 09:20:52.102root 11241100x80000000000000006862261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c995f71278fdd942022-01-05 09:20:52.102root 11241100x80000000000000006862262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e49773f3f840d12022-01-05 09:20:52.102root 11241100x80000000000000006862263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.102{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01dcd93f68e33c4a2022-01-05 09:20:52.102root 11241100x80000000000000006862264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e3b96c6fb8956a2022-01-05 09:20:52.103root 11241100x80000000000000006862265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec514a9a2882fe562022-01-05 09:20:52.103root 11241100x80000000000000006862266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a226c112e3a41542022-01-05 09:20:52.103root 11241100x80000000000000006862267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4093758d1d64802022-01-05 09:20:52.103root 11241100x80000000000000006862268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510320d2b6e44ccf2022-01-05 09:20:52.103root 11241100x80000000000000006862269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7caa1ba74919ddff2022-01-05 09:20:52.103root 11241100x80000000000000006862270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e912e1cba29d48ba2022-01-05 09:20:52.103root 11241100x80000000000000006862271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552b0176dd7336652022-01-05 09:20:52.103root 11241100x80000000000000006862272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4074ba41acff24db2022-01-05 09:20:52.103root 11241100x80000000000000006862273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5871c7112135fb2022-01-05 09:20:52.103root 11241100x80000000000000006862274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22af94d71de05d82022-01-05 09:20:52.103root 11241100x80000000000000006862275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55b87769a9800672022-01-05 09:20:52.103root 11241100x80000000000000006862276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5f9ddca89a0c7d2022-01-05 09:20:52.103root 11241100x80000000000000006862277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.103{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cad47438afeea652022-01-05 09:20:52.103root 11241100x80000000000000006862278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e317043b6674627b2022-01-05 09:20:52.104root 11241100x80000000000000006862279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33976bad18b25fa42022-01-05 09:20:52.104root 11241100x80000000000000006862280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4928825a54f3722022-01-05 09:20:52.104root 11241100x80000000000000006862281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baea7ecc8bd357ba2022-01-05 09:20:52.104root 11241100x80000000000000006862282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b05d0b25572eedb2022-01-05 09:20:52.104root 11241100x80000000000000006862283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91513b3e095276eb2022-01-05 09:20:52.104root 11241100x80000000000000006862284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501231afb8a6ad8d2022-01-05 09:20:52.104root 11241100x80000000000000006862285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead5a96d8485a5882022-01-05 09:20:52.104root 11241100x80000000000000006862286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff66919032e2a4312022-01-05 09:20:52.104root 11241100x80000000000000006862287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1cf9ad129c278f2022-01-05 09:20:52.104root 11241100x80000000000000006862288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8298ec36cdea712022-01-05 09:20:52.104root 11241100x80000000000000006862289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264173a2a65e622a2022-01-05 09:20:52.104root 11241100x80000000000000006862290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.104{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8829beedbd46c1832022-01-05 09:20:52.104root 11241100x80000000000000006862291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4756304b239e480e2022-01-05 09:20:52.105root 11241100x80000000000000006862292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7954c2ef2ef037c2022-01-05 09:20:52.105root 11241100x80000000000000006862293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37738a9cc4107ab42022-01-05 09:20:52.105root 11241100x80000000000000006862294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08817c47a8dcc91a2022-01-05 09:20:52.105root 11241100x80000000000000006862295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.105{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f29c4a5e0f1a7b2022-01-05 09:20:52.105root 11241100x80000000000000006862296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6fc71a24f41eca2022-01-05 09:20:52.459root 11241100x80000000000000006862297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d96e63437d340122022-01-05 09:20:52.459root 11241100x80000000000000006862298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0327d65dae0ed02022-01-05 09:20:52.459root 11241100x80000000000000006862299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34593a2fa8873ffb2022-01-05 09:20:52.460root 11241100x80000000000000006862300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6755698504ae292022-01-05 09:20:52.460root 11241100x80000000000000006862301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6795de92d29ed9b2022-01-05 09:20:52.460root 11241100x80000000000000006862302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4731fe6c8df378542022-01-05 09:20:52.460root 11241100x80000000000000006862303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cb5060a9d83ab02022-01-05 09:20:52.460root 11241100x80000000000000006862304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8975e8a07b5bb372022-01-05 09:20:52.460root 11241100x80000000000000006862305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805cdc82debd53352022-01-05 09:20:52.460root 11241100x80000000000000006862306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc007f32c89c06a52022-01-05 09:20:52.460root 11241100x80000000000000006862307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9293c8096c11b5f42022-01-05 09:20:52.460root 11241100x80000000000000006862308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65f092e4226dcc32022-01-05 09:20:52.460root 11241100x80000000000000006862309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01418a0cf8a494b72022-01-05 09:20:52.461root 11241100x80000000000000006862310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8913f153556dfa2022-01-05 09:20:52.461root 11241100x80000000000000006862311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81834a5ec572d8e2022-01-05 09:20:52.461root 11241100x80000000000000006862312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171461f7b0fc9fc62022-01-05 09:20:52.461root 11241100x80000000000000006862313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2369307051b9a972022-01-05 09:20:52.462root 11241100x80000000000000006862314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edba75fbd3d63f152022-01-05 09:20:52.462root 11241100x80000000000000006862315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1e212d05f95b282022-01-05 09:20:52.462root 11241100x80000000000000006862316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64e94e6cd49aff82022-01-05 09:20:52.462root 11241100x80000000000000006862317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c950061a6cbfd69d2022-01-05 09:20:52.462root 11241100x80000000000000006862318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909f1b8ada2031662022-01-05 09:20:52.462root 11241100x80000000000000006862319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bba83735fad60d2022-01-05 09:20:52.462root 11241100x80000000000000006862320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a0d7e8a4da91a12022-01-05 09:20:52.462root 11241100x80000000000000006862321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7260bd0e2172da6f2022-01-05 09:20:52.462root 11241100x80000000000000006862322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df749c93a7a2ece52022-01-05 09:20:52.462root 11241100x80000000000000006862323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fc467d1d51bdc72022-01-05 09:20:52.462root 11241100x80000000000000006862324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f9abfe3b63adc02022-01-05 09:20:52.462root 11241100x80000000000000006862325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79cb50a5d2edf332022-01-05 09:20:52.959root 11241100x80000000000000006862326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d69332d524e29d72022-01-05 09:20:52.959root 11241100x80000000000000006862327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a20a5225d711db2022-01-05 09:20:52.959root 11241100x80000000000000006862328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2915b4107497e22022-01-05 09:20:52.959root 11241100x80000000000000006862329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2950567f2df0240b2022-01-05 09:20:52.960root 11241100x80000000000000006862330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bed77e8fc58e0742022-01-05 09:20:52.960root 11241100x80000000000000006862331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0670cc1d1b0177cc2022-01-05 09:20:52.960root 11241100x80000000000000006862332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3366a138b2098ea62022-01-05 09:20:52.960root 11241100x80000000000000006862333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa9b02f0f33fcd02022-01-05 09:20:52.960root 11241100x80000000000000006862334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f969756da447fbc92022-01-05 09:20:52.960root 11241100x80000000000000006862335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b537da1ce26cf7572022-01-05 09:20:52.961root 11241100x80000000000000006862336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc857bdeda36f122022-01-05 09:20:52.961root 11241100x80000000000000006862337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcde1da2e1f1a4262022-01-05 09:20:52.961root 11241100x80000000000000006862338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e989add25111d1b2022-01-05 09:20:52.962root 11241100x80000000000000006862339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb1aa7cca94c34b2022-01-05 09:20:52.963root 11241100x80000000000000006862340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c60ebd522598de52022-01-05 09:20:52.963root 11241100x80000000000000006862341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e914093e9ed3d82022-01-05 09:20:52.963root 11241100x80000000000000006862342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c1c958e5a84a382022-01-05 09:20:52.965root 11241100x80000000000000006862343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9add3000e1818da2022-01-05 09:20:52.965root 11241100x80000000000000006862344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc57ca3f0f5d885a2022-01-05 09:20:52.965root 11241100x80000000000000006862345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdd120580b8611f2022-01-05 09:20:52.965root 11241100x80000000000000006862346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf944ffbbe1fc872022-01-05 09:20:52.965root 11241100x80000000000000006862347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f498923df508f7632022-01-05 09:20:52.965root 11241100x80000000000000006862348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a43189a62db3cb92022-01-05 09:20:52.966root 11241100x80000000000000006862349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4798ccc8f638f92022-01-05 09:20:52.966root 11241100x80000000000000006862350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9970fd9a80c135952022-01-05 09:20:52.966root 11241100x80000000000000006862351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26042c91decf7412022-01-05 09:20:52.966root 11241100x80000000000000006862352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a248031ba55e8aa2022-01-05 09:20:52.966root 11241100x80000000000000006862353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef6d2bd0fb5d0db2022-01-05 09:20:52.966root 11241100x80000000000000006862354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5af64440f275052022-01-05 09:20:52.966root 11241100x80000000000000006862355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0ef2ee57328ec12022-01-05 09:20:52.967root 11241100x80000000000000006862356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8646da9c98ac4152022-01-05 09:20:52.967root 11241100x80000000000000006862357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1620ee1ef50818e82022-01-05 09:20:52.967root 11241100x80000000000000006862358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b5b187043bfed32022-01-05 09:20:52.967root 11241100x80000000000000006862359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b66cd3a72dee28d2022-01-05 09:20:52.967root 11241100x80000000000000006862360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd558744ee7a07d32022-01-05 09:20:52.967root 11241100x80000000000000006862361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c78e7df13def79f2022-01-05 09:20:52.967root 11241100x80000000000000006862362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5930caa8b345c9272022-01-05 09:20:52.967root 11241100x80000000000000006862363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:52.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149362d0fc6911732022-01-05 09:20:52.967root 11241100x80000000000000006862364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1205e1317c6de46a2022-01-05 09:20:53.459root 11241100x80000000000000006862365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469ff1c5a6caf9b52022-01-05 09:20:53.460root 11241100x80000000000000006862366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72500b9afb29de82022-01-05 09:20:53.460root 11241100x80000000000000006862367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0139f8d29da83272022-01-05 09:20:53.460root 11241100x80000000000000006862368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4534a9de22aa503e2022-01-05 09:20:53.460root 11241100x80000000000000006862369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e5376d38cd304c2022-01-05 09:20:53.461root 11241100x80000000000000006862370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1dbefdbcefe9332022-01-05 09:20:53.461root 11241100x80000000000000006862371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4176207fbc791ef92022-01-05 09:20:53.461root 11241100x80000000000000006862372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237b480f89c86c0f2022-01-05 09:20:53.461root 11241100x80000000000000006862373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ac9d443bec25722022-01-05 09:20:53.461root 11241100x80000000000000006862374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94408b54aff5fb112022-01-05 09:20:53.461root 11241100x80000000000000006862375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af962c1ebc5821c2022-01-05 09:20:53.462root 11241100x80000000000000006862376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c89120346a5ae502022-01-05 09:20:53.462root 11241100x80000000000000006862377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f312a84ba7d93d002022-01-05 09:20:53.462root 11241100x80000000000000006862378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d4efbbc7bf166e2022-01-05 09:20:53.462root 11241100x80000000000000006862379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbc0de147e457cc2022-01-05 09:20:53.462root 11241100x80000000000000006862380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ffdcf49015f7642022-01-05 09:20:53.463root 11241100x80000000000000006862381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1f34237e2675822022-01-05 09:20:53.463root 11241100x80000000000000006862382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809c7b1423b49e5d2022-01-05 09:20:53.463root 11241100x80000000000000006862383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef954fd00c2a34f2022-01-05 09:20:53.463root 11241100x80000000000000006862384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f745a5ae1f0f5362022-01-05 09:20:53.463root 11241100x80000000000000006862385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1527c0b91b8fb6bc2022-01-05 09:20:53.463root 11241100x80000000000000006862386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e19da9c28d9b5b2022-01-05 09:20:53.464root 11241100x80000000000000006862387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9916066279d7102022-01-05 09:20:53.464root 11241100x80000000000000006862388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0290dd1d259b74612022-01-05 09:20:53.464root 11241100x80000000000000006862389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123feb80ff8354662022-01-05 09:20:53.464root 11241100x80000000000000006862390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcb87bdc93f28322022-01-05 09:20:53.465root 11241100x80000000000000006862391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cca9591de183d92022-01-05 09:20:53.465root 11241100x80000000000000006862392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3dbe7a6005087a72022-01-05 09:20:53.466root 11241100x80000000000000006862393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7b8e7ee398c2b72022-01-05 09:20:53.466root 11241100x80000000000000006862394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309f3aaab900e39c2022-01-05 09:20:53.959root 11241100x80000000000000006862395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e6592edbdfeda52022-01-05 09:20:53.960root 11241100x80000000000000006862396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68267d31cb6290f02022-01-05 09:20:53.960root 11241100x80000000000000006862397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f4f6244ff162792022-01-05 09:20:53.960root 11241100x80000000000000006862398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c321b5557cf21c892022-01-05 09:20:53.960root 11241100x80000000000000006862399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afd9052474020c52022-01-05 09:20:53.961root 11241100x80000000000000006862400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40253f037e93da552022-01-05 09:20:53.961root 11241100x80000000000000006862401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7e5fed95443c2f2022-01-05 09:20:53.961root 11241100x80000000000000006862402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3599aaeacfdb292022-01-05 09:20:53.961root 11241100x80000000000000006862403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc74f2f73d34a5e52022-01-05 09:20:53.961root 11241100x80000000000000006862404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e782f8144fde97c2022-01-05 09:20:53.961root 11241100x80000000000000006862405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488356b59c9bc9372022-01-05 09:20:53.961root 11241100x80000000000000006862406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d629b9b597ef8d472022-01-05 09:20:53.961root 11241100x80000000000000006862407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db66b7954a841872022-01-05 09:20:53.961root 11241100x80000000000000006862408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bcdd4d320069a12022-01-05 09:20:53.962root 11241100x80000000000000006862409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4c132259e6ff542022-01-05 09:20:53.962root 11241100x80000000000000006862410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e60d78b592ced62022-01-05 09:20:53.962root 11241100x80000000000000006862411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97bb86b0391fe852022-01-05 09:20:53.962root 11241100x80000000000000006862412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e406ce74cac38c272022-01-05 09:20:53.962root 11241100x80000000000000006862413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac722d8a73dd3842022-01-05 09:20:53.962root 11241100x80000000000000006862414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1474fc37d99302742022-01-05 09:20:53.962root 11241100x80000000000000006862415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbfc482307dab252022-01-05 09:20:53.962root 11241100x80000000000000006862416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3986130a4ebe252022-01-05 09:20:53.962root 11241100x80000000000000006862417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab507b1e0303ff12022-01-05 09:20:53.962root 11241100x80000000000000006862418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ee0e8aa0ec35592022-01-05 09:20:53.963root 11241100x80000000000000006862419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77213a389efb1b0e2022-01-05 09:20:53.963root 11241100x80000000000000006862420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd07ce0497d152952022-01-05 09:20:53.963root 11241100x80000000000000006862421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce3f04ce324ec6f2022-01-05 09:20:53.963root 11241100x80000000000000006862422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffc3f0718329e142022-01-05 09:20:53.963root 11241100x80000000000000006862423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e0904c4b0bff702022-01-05 09:20:53.963root 11241100x80000000000000006862424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:53.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4780391c0c9cea72022-01-05 09:20:53.963root 11241100x80000000000000006862425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623434afa281fb172022-01-05 09:20:54.459root 11241100x80000000000000006862426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966d8d1c4b86ac4a2022-01-05 09:20:54.459root 11241100x80000000000000006862427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f2394d378e4f962022-01-05 09:20:54.459root 11241100x80000000000000006862428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387c5ec2d54fcce62022-01-05 09:20:54.459root 11241100x80000000000000006862429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ef6d6d88c3355f2022-01-05 09:20:54.459root 11241100x80000000000000006862430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fc3cc94d9ef2d12022-01-05 09:20:54.460root 11241100x80000000000000006862431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4f84eedb8349a62022-01-05 09:20:54.460root 11241100x80000000000000006862432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22dae7b354f47762022-01-05 09:20:54.460root 11241100x80000000000000006862433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cfcf4e154440bd2022-01-05 09:20:54.460root 11241100x80000000000000006862434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc8fd0e9c8faf4e2022-01-05 09:20:54.460root 11241100x80000000000000006862435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e64c04bdcfa45cc2022-01-05 09:20:54.461root 11241100x80000000000000006862436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6263d6b40d666d42022-01-05 09:20:54.461root 11241100x80000000000000006862437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c7176c0802e2a42022-01-05 09:20:54.461root 11241100x80000000000000006862438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d80d9258a170722022-01-05 09:20:54.461root 11241100x80000000000000006862439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5f417b938d52e42022-01-05 09:20:54.461root 11241100x80000000000000006862440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e0e32c0d67bcfa2022-01-05 09:20:54.461root 11241100x80000000000000006862441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa0985b0ace15a62022-01-05 09:20:54.461root 11241100x80000000000000006862442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aef4d0d41e871d42022-01-05 09:20:54.461root 11241100x80000000000000006862443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:20:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d204fee719aa05732022-01-05 09:20:54.461root 23542300x80000000000000006862493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:02.404{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006862494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:02.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fad299923a38dba2022-01-05 09:21:02.709root 354300x80000000000000006862495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:03.126{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40712-false10.0.1.12-8000- 11241100x80000000000000006862496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:03.126{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdf08156c1903cb2022-01-05 09:21:03.126root 11241100x80000000000000006862497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:03.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27702a9999ee79962022-01-05 09:21:03.459root 11241100x80000000000000006862498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:03.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a980dd5d353c68d22022-01-05 09:21:03.459root 11241100x80000000000000006862499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:03.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f064e647615940d2022-01-05 09:21:03.959root 11241100x80000000000000006862500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:03.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a3a47276371ee12022-01-05 09:21:03.959root 11241100x80000000000000006862501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:04.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5400f4f561ddaf72022-01-05 09:21:04.459root 11241100x80000000000000006862502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:04.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b504d089a8865b5f2022-01-05 09:21:04.459root 11241100x80000000000000006862503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:04.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158db5303a4a52812022-01-05 09:21:04.959root 11241100x80000000000000006862504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:04.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d125de84f89add752022-01-05 09:21:04.959root 11241100x80000000000000006862505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3e8f60ef556cd72022-01-05 09:21:05.459root 11241100x80000000000000006862506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:05.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24de76b914ce6e52022-01-05 09:21:05.459root 11241100x80000000000000006862507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:05.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012a1489f2b311dd2022-01-05 09:21:05.959root 11241100x80000000000000006862508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:05.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59e8ca0825ea2732022-01-05 09:21:05.959root 11241100x80000000000000006862509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5d8c1dc98a820b2022-01-05 09:21:06.459root 11241100x80000000000000006862510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:06.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871ef99c61cef0dc2022-01-05 09:21:06.459root 154100x80000000000000006862511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:06.821{ec2e79f3-6302-61d5-6894-823ff8550000}22932/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 11241100x80000000000000006862512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:06.822{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab5b6d12b2be8be2022-01-05 09:21:06.822root 11241100x80000000000000006862513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:06.822{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8669827e8f98de3d2022-01-05 09:21:06.822root 534500x80000000000000006862514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:06.838{ec2e79f3-6302-61d5-6894-823ff8550000}22932/bin/psroot 11241100x80000000000000006862515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98fcde31e68c40b2022-01-05 09:21:07.209root 11241100x80000000000000006862516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c0921ace9d016f2022-01-05 09:21:07.209root 11241100x80000000000000006862517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0d9e6cdef53b802022-01-05 09:21:07.209root 11241100x80000000000000006862518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea93775b123ae8342022-01-05 09:21:07.209root 11241100x80000000000000006862519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b96c7f4652d7042022-01-05 09:21:07.709root 11241100x80000000000000006862520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe0a23c899a8fe12022-01-05 09:21:07.709root 11241100x80000000000000006862521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f7d84d6f7503d62022-01-05 09:21:07.709root 11241100x80000000000000006862522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898972d264e3d6b92022-01-05 09:21:07.709root 11241100x80000000000000006862523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:08.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb5b6279944ac112022-01-05 09:21:08.209root 11241100x80000000000000006862524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:08.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b73e0cb702d21e52022-01-05 09:21:08.209root 11241100x80000000000000006862525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:08.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d811f7e02bef9f2022-01-05 09:21:08.209root 11241100x80000000000000006862526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:08.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305a913d710e74262022-01-05 09:21:08.209root 11241100x80000000000000006862527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:08.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37f1008dac2655e2022-01-05 09:21:08.709root 11241100x80000000000000006862528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:08.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b568f94871b05a12022-01-05 09:21:08.709root 11241100x80000000000000006862529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fe0f017eea045f2022-01-05 09:21:08.710root 11241100x80000000000000006862530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769a32849000bab12022-01-05 09:21:08.710root 354300x80000000000000006862531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.020{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40714-false10.0.1.12-8000- 11241100x80000000000000006862532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.021{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1bf328d4a77d472022-01-05 09:21:09.021root 11241100x80000000000000006862533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.022{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffb4fa817d935042022-01-05 09:21:09.022root 11241100x80000000000000006862534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.022{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dddd31775738d562022-01-05 09:21:09.022root 11241100x80000000000000006862535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.022{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c8d7ef32d22a9c2022-01-05 09:21:09.022root 11241100x80000000000000006862536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.022{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9ee87b6fa33b9d2022-01-05 09:21:09.022root 11241100x80000000000000006862537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186322bfb4516f7c2022-01-05 09:21:09.459root 11241100x80000000000000006862538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590c8688744aab612022-01-05 09:21:09.459root 11241100x80000000000000006862539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebabd1598a2438622022-01-05 09:21:09.460root 11241100x80000000000000006862540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121fb94e8a7bfcaa2022-01-05 09:21:09.460root 11241100x80000000000000006862541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920db5d7dd764f2a2022-01-05 09:21:09.460root 11241100x80000000000000006862542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72decb2d1199e5222022-01-05 09:21:09.959root 11241100x80000000000000006862543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9805a916da37f1182022-01-05 09:21:09.959root 11241100x80000000000000006862544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37733d053201a1702022-01-05 09:21:09.960root 11241100x80000000000000006862545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c018b298b57f5a352022-01-05 09:21:09.960root 11241100x80000000000000006862546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c12f4d42ee877582022-01-05 09:21:09.960root 11241100x80000000000000006862547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f8a22304d71c752022-01-05 09:21:10.459root 11241100x80000000000000006862548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b2d204a72180b42022-01-05 09:21:10.459root 11241100x80000000000000006862549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57058f48ba3b0e812022-01-05 09:21:10.460root 11241100x80000000000000006862550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0674dc41cb1b8a2022-01-05 09:21:10.460root 11241100x80000000000000006862551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf7f78aa7c38c402022-01-05 09:21:10.460root 11241100x80000000000000006862552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1394f1ace013a252022-01-05 09:21:10.959root 11241100x80000000000000006862553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a905b14f2b6daa72022-01-05 09:21:10.959root 11241100x80000000000000006862554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eed6a3c7f971e262022-01-05 09:21:10.960root 11241100x80000000000000006862555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4ce18d993d55042022-01-05 09:21:10.960root 11241100x80000000000000006862556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca4775f2a53335c2022-01-05 09:21:10.960root 11241100x80000000000000006862557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81a940d45d91a592022-01-05 09:21:11.459root 11241100x80000000000000006862558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9a16939b02b4a12022-01-05 09:21:11.459root 11241100x80000000000000006862559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:11.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfa67c24fc644562022-01-05 09:21:11.459root 11241100x80000000000000006862560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4c97739bef7e8d2022-01-05 09:21:11.460root 11241100x80000000000000006862561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:11.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f39a8dfccab68542022-01-05 09:21:11.460root 11241100x80000000000000006862562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681af5f4e75fb16e2022-01-05 09:21:11.959root 11241100x80000000000000006862563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:11.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f68260acad09102022-01-05 09:21:11.959root 11241100x80000000000000006862564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d4463bf53e78502022-01-05 09:21:11.960root 11241100x80000000000000006862565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0069d12e4e03b62022-01-05 09:21:11.960root 11241100x80000000000000006862566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:11.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f26db64bde0f7e2022-01-05 09:21:11.960root 11241100x80000000000000006862567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5fa865057c749f2022-01-05 09:21:12.459root 11241100x80000000000000006862568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a67d6c9a42d26352022-01-05 09:21:12.459root 11241100x80000000000000006862569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f88dc65dc280692022-01-05 09:21:12.459root 11241100x80000000000000006862570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0622c7e062e8b0152022-01-05 09:21:12.460root 11241100x80000000000000006862571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa51e2f227b813162022-01-05 09:21:12.460root 11241100x80000000000000006862572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938dd261318626202022-01-05 09:21:12.959root 11241100x80000000000000006862573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcf26021e6f9c682022-01-05 09:21:12.959root 11241100x80000000000000006862574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bd6a45c98392ff2022-01-05 09:21:12.959root 11241100x80000000000000006862575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3301b6e7bfe3c23f2022-01-05 09:21:12.960root 11241100x80000000000000006862576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee01f3541a6707d02022-01-05 09:21:12.960root 11241100x80000000000000006862577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8530b1d88e2247022022-01-05 09:21:13.459root 11241100x80000000000000006862578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927a9804758efeeb2022-01-05 09:21:13.459root 11241100x80000000000000006862579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13082d4e5ab312052022-01-05 09:21:13.459root 11241100x80000000000000006862580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3961de38f50d50a2022-01-05 09:21:13.460root 11241100x80000000000000006862581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef7bf4a71b5562f2022-01-05 09:21:13.460root 11241100x80000000000000006862582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d06da53053767df2022-01-05 09:21:13.959root 11241100x80000000000000006862583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a69f7c64c6d64d2022-01-05 09:21:13.959root 11241100x80000000000000006862584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ef6924412292ec2022-01-05 09:21:13.959root 11241100x80000000000000006862585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2007ca04b9f535022022-01-05 09:21:13.959root 11241100x80000000000000006862586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4303b5458d2f8ed2022-01-05 09:21:13.960root 354300x80000000000000006862587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.155{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40716-false10.0.1.12-8000- 11241100x80000000000000006862588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38845d6e7af7bb962022-01-05 09:21:14.460root 11241100x80000000000000006862589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2b4c507f8c7e5e2022-01-05 09:21:14.461root 11241100x80000000000000006862590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd950309aa2414ed2022-01-05 09:21:14.461root 11241100x80000000000000006862591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e198116155b5c052022-01-05 09:21:14.461root 11241100x80000000000000006862592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35714d849fc725012022-01-05 09:21:14.462root 11241100x80000000000000006862593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6bd0f565d57b222022-01-05 09:21:14.462root 11241100x80000000000000006862594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f83d069b0681b22022-01-05 09:21:14.959root 11241100x80000000000000006862595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ad02ae24c028ce2022-01-05 09:21:14.959root 11241100x80000000000000006862596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c699805fc7abc4962022-01-05 09:21:14.959root 11241100x80000000000000006862597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de0ace36907a92f2022-01-05 09:21:14.959root 11241100x80000000000000006862598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7fdf57d145db312022-01-05 09:21:14.959root 11241100x80000000000000006862599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c842c826c456372022-01-05 09:21:14.959root 11241100x80000000000000006862600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4c2667cc2186472022-01-05 09:21:15.459root 11241100x80000000000000006862601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e755cdf93c95f62022-01-05 09:21:15.459root 11241100x80000000000000006862602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d71baa7ff67d842022-01-05 09:21:15.459root 11241100x80000000000000006862603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f766e654e06e132022-01-05 09:21:15.459root 11241100x80000000000000006862604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fcc7905a114b782022-01-05 09:21:15.459root 11241100x80000000000000006862605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8d7132e55b57702022-01-05 09:21:15.459root 11241100x80000000000000006862606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79361d9c7b1fdd962022-01-05 09:21:15.959root 11241100x80000000000000006862607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2978949c417991512022-01-05 09:21:15.959root 11241100x80000000000000006862608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191d70d9dc9525832022-01-05 09:21:15.959root 11241100x80000000000000006862609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546fed912943a2982022-01-05 09:21:15.959root 11241100x80000000000000006862610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c686d58731547a552022-01-05 09:21:15.959root 11241100x80000000000000006862611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354f762e72c3cc262022-01-05 09:21:15.959root 11241100x80000000000000006862612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ac825bc9fd9e8d2022-01-05 09:21:16.459root 11241100x80000000000000006862613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46662185773ca90d2022-01-05 09:21:16.459root 11241100x80000000000000006862614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2452938c2456c32022-01-05 09:21:16.459root 11241100x80000000000000006862615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacb623d6f33f68c2022-01-05 09:21:16.459root 11241100x80000000000000006862616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3455c5a8a91b6a62022-01-05 09:21:16.459root 11241100x80000000000000006862617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95591dd3d79d27c2022-01-05 09:21:16.459root 11241100x80000000000000006862618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bcaeb40baf55af2022-01-05 09:21:16.959root 11241100x80000000000000006862619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9a0a89152c13722022-01-05 09:21:16.959root 11241100x80000000000000006862620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344c06174f2cec902022-01-05 09:21:16.959root 11241100x80000000000000006862621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9875cae6ff7affc2022-01-05 09:21:16.959root 11241100x80000000000000006862622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0e9ce2def509722022-01-05 09:21:16.959root 11241100x80000000000000006862623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:16.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdadc78f83ab96d2022-01-05 09:21:16.960root 11241100x80000000000000006862624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a446192dad07369f2022-01-05 09:21:17.459root 11241100x80000000000000006862625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13473249033eae9c2022-01-05 09:21:17.459root 11241100x80000000000000006862626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5785897110ff2442022-01-05 09:21:17.459root 11241100x80000000000000006862627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e03e91121ac27812022-01-05 09:21:17.459root 11241100x80000000000000006862628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fed82adb907bfa2022-01-05 09:21:17.459root 11241100x80000000000000006862629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbcafc985249fbb2022-01-05 09:21:17.459root 11241100x80000000000000006862630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eee94ec955bc29f2022-01-05 09:21:17.959root 11241100x80000000000000006862631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c1660193bdc53c2022-01-05 09:21:17.959root 11241100x80000000000000006862632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71033fc1169423d72022-01-05 09:21:17.959root 11241100x80000000000000006862633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f278439ebfdc072022-01-05 09:21:17.959root 11241100x80000000000000006862634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98507bdf79eb73362022-01-05 09:21:17.959root 11241100x80000000000000006862635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2624f7f4a1ccf4e2022-01-05 09:21:17.959root 11241100x80000000000000006862636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16039a8dcc3ab09e2022-01-05 09:21:18.459root 11241100x80000000000000006862637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548c128f9e0260fb2022-01-05 09:21:18.459root 11241100x80000000000000006862638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bdf2bf0a4c72962022-01-05 09:21:18.459root 11241100x80000000000000006862639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8742fd3228e96d5f2022-01-05 09:21:18.459root 11241100x80000000000000006862640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b34e37dcdaf3372022-01-05 09:21:18.459root 11241100x80000000000000006862641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6293c33b5c01574d2022-01-05 09:21:18.460root 11241100x80000000000000006862642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9882ed1504e0dc42022-01-05 09:21:18.959root 11241100x80000000000000006862643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6638be504839372022-01-05 09:21:18.959root 11241100x80000000000000006862644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed97601a1cb6dafb2022-01-05 09:21:18.959root 11241100x80000000000000006862645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0834da193f3433822022-01-05 09:21:18.959root 11241100x80000000000000006862646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae41deb7fc7bac142022-01-05 09:21:18.959root 11241100x80000000000000006862647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677e29ef6a96512a2022-01-05 09:21:18.959root 11241100x80000000000000006862648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d91cd6cc5ddb7882022-01-05 09:21:19.459root 11241100x80000000000000006862649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d5051a6c1d9da42022-01-05 09:21:19.459root 11241100x80000000000000006862650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe64eafb6a6d51b2022-01-05 09:21:19.460root 11241100x80000000000000006862651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadd322e20bab0d12022-01-05 09:21:19.460root 11241100x80000000000000006862652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9bbb8eed5824e62022-01-05 09:21:19.460root 11241100x80000000000000006862653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7931fe5f100f9d072022-01-05 09:21:19.460root 11241100x80000000000000006862654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49dd52ee8cb62a42022-01-05 09:21:19.959root 11241100x80000000000000006862655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f02b94abe5bdba2022-01-05 09:21:19.959root 11241100x80000000000000006862656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e4c350090effdb2022-01-05 09:21:19.959root 11241100x80000000000000006862657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600e1d50b54e0d162022-01-05 09:21:19.959root 11241100x80000000000000006862658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d196b80bcfae9cdb2022-01-05 09:21:19.959root 11241100x80000000000000006862659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ca67500e82194f2022-01-05 09:21:19.959root 354300x80000000000000006862660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.029{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40718-false10.0.1.12-8000- 11241100x80000000000000006862661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddb4acb0b0660c12022-01-05 09:21:20.459root 11241100x80000000000000006862662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267ab74d0b636edc2022-01-05 09:21:20.459root 11241100x80000000000000006862663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d28f70f9b6bc142022-01-05 09:21:20.459root 11241100x80000000000000006862664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac7be9dd931a8fd2022-01-05 09:21:20.459root 11241100x80000000000000006862665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efe191584885e102022-01-05 09:21:20.459root 11241100x80000000000000006862666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f965e7f70fb8262022-01-05 09:21:20.459root 11241100x80000000000000006862667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357720acda97eab62022-01-05 09:21:20.460root 11241100x80000000000000006862668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab4cc186450d4802022-01-05 09:21:20.959root 11241100x80000000000000006862669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042b9a5cb967d07f2022-01-05 09:21:20.959root 11241100x80000000000000006862670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc00c6443d492092022-01-05 09:21:20.959root 11241100x80000000000000006862671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fa84ec53ee41672022-01-05 09:21:20.959root 11241100x80000000000000006862672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5766df4daf1d03952022-01-05 09:21:20.959root 11241100x80000000000000006862673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e7d1fd98e94fa92022-01-05 09:21:20.959root 11241100x80000000000000006862674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e242bb4190cd57b2022-01-05 09:21:20.960root 11241100x80000000000000006862675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7724dae5e5a896842022-01-05 09:21:21.459root 11241100x80000000000000006862676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8131e68e29a3678b2022-01-05 09:21:21.459root 11241100x80000000000000006862677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aba581a64c898c12022-01-05 09:21:21.459root 11241100x80000000000000006862678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a05d1dcd2404bcd2022-01-05 09:21:21.459root 11241100x80000000000000006862679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1da28ad215d5762022-01-05 09:21:21.459root 11241100x80000000000000006862680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440335e55207a4132022-01-05 09:21:21.459root 11241100x80000000000000006862681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ad1a114aaae1932022-01-05 09:21:21.460root 11241100x80000000000000006862682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b62877c8e2406c2022-01-05 09:21:21.959root 11241100x80000000000000006862683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8008965cd113945c2022-01-05 09:21:21.959root 11241100x80000000000000006862684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408b5b9822c8d9912022-01-05 09:21:21.959root 11241100x80000000000000006862685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a4d6227c4d03542022-01-05 09:21:21.959root 11241100x80000000000000006862686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84217f6b376b089a2022-01-05 09:21:21.960root 11241100x80000000000000006862687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2edfa5794462122022-01-05 09:21:21.960root 11241100x80000000000000006862688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa1f593dfc97fec2022-01-05 09:21:21.960root 11241100x80000000000000006862689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0f8f0ddd94f35f2022-01-05 09:21:22.459root 11241100x80000000000000006862690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce6fcef9a15e3232022-01-05 09:21:22.459root 11241100x80000000000000006862691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29d157b6e2d05ca2022-01-05 09:21:22.459root 11241100x80000000000000006862692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97c6367397f5cec2022-01-05 09:21:22.459root 11241100x80000000000000006862693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c903fbf2588a00e2022-01-05 09:21:22.460root 11241100x80000000000000006862694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8328ed4958fdf82e2022-01-05 09:21:22.460root 11241100x80000000000000006862695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bef03db99016522022-01-05 09:21:22.460root 11241100x80000000000000006862696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad3d7a57c2a6c762022-01-05 09:21:22.959root 11241100x80000000000000006862697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143c0f9889155cee2022-01-05 09:21:22.959root 11241100x80000000000000006862698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa30b9d311f2e612022-01-05 09:21:22.959root 11241100x80000000000000006862699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f0ac4df46803632022-01-05 09:21:22.959root 11241100x80000000000000006862700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dfcc22e4e2ed7b2022-01-05 09:21:22.960root 11241100x80000000000000006862701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5078ca45af3483222022-01-05 09:21:22.960root 11241100x80000000000000006862702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:22.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772cf29694fa6ff92022-01-05 09:21:22.960root 11241100x80000000000000006862703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a597837b2ef76722022-01-05 09:21:23.459root 11241100x80000000000000006862704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4a6bba691c41d62022-01-05 09:21:23.459root 11241100x80000000000000006862705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64fe6738d4c98cee2022-01-05 09:21:23.459root 11241100x80000000000000006862706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea76257ef7f40082022-01-05 09:21:23.459root 11241100x80000000000000006862707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f022a963b8754e2022-01-05 09:21:23.460root 11241100x80000000000000006862708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cef5c7c8800f422022-01-05 09:21:23.460root 11241100x80000000000000006862709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa14a6564f0572242022-01-05 09:21:23.460root 11241100x80000000000000006862710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d073fd6551d3d1902022-01-05 09:21:23.959root 11241100x80000000000000006862711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00fc3de75e3510682022-01-05 09:21:23.959root 11241100x80000000000000006862712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e128025efd146112022-01-05 09:21:23.959root 11241100x80000000000000006862713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9a7d442c762ae02022-01-05 09:21:23.960root 11241100x80000000000000006862714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b015a54bb5006cb62022-01-05 09:21:23.960root 11241100x80000000000000006862715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6a58279405452f2022-01-05 09:21:23.960root 11241100x80000000000000006862716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:23.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c44b8bef46e1c4c2022-01-05 09:21:23.960root 11241100x80000000000000006862717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d8a1575cea3a1d2022-01-05 09:21:24.459root 11241100x80000000000000006862718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dfee91944fc0f12022-01-05 09:21:24.459root 11241100x80000000000000006862719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c22d746a74c6072022-01-05 09:21:24.459root 11241100x80000000000000006862720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d8cf983c8d87e42022-01-05 09:21:24.459root 11241100x80000000000000006862721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9825c520b5c1bf2022-01-05 09:21:24.460root 11241100x80000000000000006862722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d41e57b8c25976e2022-01-05 09:21:24.460root 11241100x80000000000000006862723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1aefdc6fa373442022-01-05 09:21:24.460root 23542300x80000000000000006862724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.876{ec2e79f3-62f8-61d5-8032-ea98a1550000}22931root/bin/nano/etc/.doas.conf.swp--- 534500x80000000000000006862725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.876{ec2e79f3-62f8-61d5-8032-ea98a1550000}22931/bin/nanoroot 11241100x80000000000000006862726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.877{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9e74ffbdd2873b2022-01-05 09:21:24.877root 11241100x80000000000000006862727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.877{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc0055f791412e62022-01-05 09:21:24.877root 11241100x80000000000000006862728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.877{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9594d2ca90def22022-01-05 09:21:24.877root 11241100x80000000000000006862729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.877{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ca6ceb69dfdb7a2022-01-05 09:21:24.877root 11241100x80000000000000006862730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.878{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a26f1aa85b471062022-01-05 09:21:24.878root 11241100x80000000000000006862731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.878{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e646e0f0c5c924af2022-01-05 09:21:24.878root 11241100x80000000000000006862732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.878{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62877e54d175d4162022-01-05 09:21:24.878root 534500x80000000000000006862733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.877{ec2e79f3-62f8-61d5-082e-1b6615560000}22930/usr/bin/sudoroot 11241100x80000000000000006862734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.878{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c53ec808fcc456a2022-01-05 09:21:24.878root 11241100x80000000000000006862735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:24.878{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d419f6511ee5adb52022-01-05 09:21:24.878root 11241100x80000000000000006862736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb941ce80527d032022-01-05 09:21:25.209root 11241100x80000000000000006862737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8010306a9778effa2022-01-05 09:21:25.209root 11241100x80000000000000006862738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626c7ba121970a502022-01-05 09:21:25.210root 11241100x80000000000000006862739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ba5b9de13bffbb2022-01-05 09:21:25.210root 11241100x80000000000000006862740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4bf5193ed34b0d2022-01-05 09:21:25.210root 11241100x80000000000000006862741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8837edf6933834a92022-01-05 09:21:25.210root 11241100x80000000000000006862742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abff7eaee12e0002022-01-05 09:21:25.210root 11241100x80000000000000006862743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5804918c1557d1772022-01-05 09:21:25.210root 11241100x80000000000000006862744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30678c1a77b35fe2022-01-05 09:21:25.210root 11241100x80000000000000006862745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5d3cbbffc783bb2022-01-05 09:21:25.210root 11241100x80000000000000006862746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dbad059168b43c2022-01-05 09:21:25.709root 11241100x80000000000000006862747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c26d04f5acda692022-01-05 09:21:25.710root 11241100x80000000000000006862748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b218424f0565582c2022-01-05 09:21:25.710root 11241100x80000000000000006862749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d2ecfae27bdfa22022-01-05 09:21:25.710root 11241100x80000000000000006862750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07dfaa8e5e07fbda2022-01-05 09:21:25.710root 11241100x80000000000000006862751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcaeabc03e303a672022-01-05 09:21:25.710root 11241100x80000000000000006862752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26f3be67f991d0d2022-01-05 09:21:25.710root 11241100x80000000000000006862753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726cb9c7d07e5bd12022-01-05 09:21:25.710root 11241100x80000000000000006862754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fed1e8cf8e793e62022-01-05 09:21:25.710root 11241100x80000000000000006862755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f87fdbbc03be702022-01-05 09:21:25.710root 354300x80000000000000006862756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.013{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40720-false10.0.1.12-8000- 11241100x80000000000000006862757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.014{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21dc06fcbf0e0fdc2022-01-05 09:21:26.014root 11241100x80000000000000006862758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.014{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777e9bb8adcd1af22022-01-05 09:21:26.014root 11241100x80000000000000006862759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.014{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c587cb2c76873af2022-01-05 09:21:26.014root 11241100x80000000000000006862760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.014{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aad359e4c861d3d2022-01-05 09:21:26.014root 11241100x80000000000000006862761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.014{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1430dd6b47ec2bc2022-01-05 09:21:26.014root 11241100x80000000000000006862762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.015{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7849dc788fd83c02022-01-05 09:21:26.015root 11241100x80000000000000006862763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.015{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985e7a99da2c7bfa2022-01-05 09:21:26.015root 11241100x80000000000000006862764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.015{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ba5f3c36b8f5512022-01-05 09:21:26.015root 11241100x80000000000000006862765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.015{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4214fe36d88b5222022-01-05 09:21:26.015root 11241100x80000000000000006862766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.015{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b61c701f81dfe72022-01-05 09:21:26.015root 11241100x80000000000000006862767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.015{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f97bbd43b44ae92022-01-05 09:21:26.015root 11241100x80000000000000006862768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a01092423e9b9a2022-01-05 09:21:26.459root 11241100x80000000000000006862769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58794919868b70af2022-01-05 09:21:26.459root 11241100x80000000000000006862770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e295a7c99bee4e2022-01-05 09:21:26.459root 11241100x80000000000000006862771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f3d8f552f1b3532022-01-05 09:21:26.459root 11241100x80000000000000006862772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99de5641bc500f392022-01-05 09:21:26.460root 11241100x80000000000000006862773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4784fb384d8ed90b2022-01-05 09:21:26.460root 11241100x80000000000000006862774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7783035803f699fa2022-01-05 09:21:26.460root 11241100x80000000000000006862775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493065d0a05bef052022-01-05 09:21:26.460root 11241100x80000000000000006862776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f824170da0931c52022-01-05 09:21:26.460root 11241100x80000000000000006862777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dea7970529ff3662022-01-05 09:21:26.460root 11241100x80000000000000006862778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c30180f000f6342022-01-05 09:21:26.460root 11241100x80000000000000006862779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e233d526fa1f9532022-01-05 09:21:26.959root 11241100x80000000000000006862780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56fcbc796eb46ded2022-01-05 09:21:26.959root 11241100x80000000000000006862781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0698f307fe77ef02022-01-05 09:21:26.960root 11241100x80000000000000006862782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a4b948fc0767382022-01-05 09:21:26.960root 11241100x80000000000000006862783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c4a1fd55daa15a2022-01-05 09:21:26.960root 11241100x80000000000000006862784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809ff14f3b469d802022-01-05 09:21:26.960root 11241100x80000000000000006862785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3d32b1f980ca692022-01-05 09:21:26.960root 11241100x80000000000000006862786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce6ad14a585d9b92022-01-05 09:21:26.960root 11241100x80000000000000006862787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71c92b0f24f5fd82022-01-05 09:21:26.960root 11241100x80000000000000006862788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b28dc7ddce995e32022-01-05 09:21:26.960root 11241100x80000000000000006862789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:26.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abf0f2c742a889c2022-01-05 09:21:26.961root 11241100x80000000000000006862790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7017733bb6b100c2022-01-05 09:21:27.459root 11241100x80000000000000006862791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292e296efa22d76a2022-01-05 09:21:27.459root 11241100x80000000000000006862792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d03865185381dc52022-01-05 09:21:27.459root 11241100x80000000000000006862793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29eafc37ade9c8f62022-01-05 09:21:27.459root 11241100x80000000000000006862794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9d92a506a48da72022-01-05 09:21:27.460root 11241100x80000000000000006862795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de0b3090ce21c8a2022-01-05 09:21:27.460root 11241100x80000000000000006862796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f862d302ba27efc42022-01-05 09:21:27.460root 11241100x80000000000000006862797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1b8d99a245fab42022-01-05 09:21:27.460root 11241100x80000000000000006862798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365aeb61a5e2de082022-01-05 09:21:27.460root 11241100x80000000000000006862799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9232c26f499e6a02022-01-05 09:21:27.460root 11241100x80000000000000006862800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c23825ed8494ff2022-01-05 09:21:27.461root 11241100x80000000000000006862801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247ede24fc1977372022-01-05 09:21:27.959root 11241100x80000000000000006862802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec7cc6f88a8db732022-01-05 09:21:27.959root 11241100x80000000000000006862803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401830b3576e06fc2022-01-05 09:21:27.959root 11241100x80000000000000006862804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13dd70685ce570a22022-01-05 09:21:27.960root 11241100x80000000000000006862805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2550d01d768c3aa42022-01-05 09:21:27.960root 11241100x80000000000000006862806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751c9aef86c12d102022-01-05 09:21:27.960root 11241100x80000000000000006862807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf485a264556b2572022-01-05 09:21:27.960root 11241100x80000000000000006862808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95495908467166bf2022-01-05 09:21:27.960root 11241100x80000000000000006862809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac30fe9b825392b72022-01-05 09:21:27.960root 11241100x80000000000000006862810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ba1b334c66fcd92022-01-05 09:21:27.960root 11241100x80000000000000006862811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:27.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f840f2bcd06689772022-01-05 09:21:27.961root 11241100x80000000000000006862812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671d5e940baa9ff72022-01-05 09:21:28.459root 11241100x80000000000000006862813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c717ce88135799e2022-01-05 09:21:28.459root 11241100x80000000000000006862814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf67535fc1b189d2022-01-05 09:21:28.460root 11241100x80000000000000006862815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa8d31038fe08922022-01-05 09:21:28.460root 11241100x80000000000000006862816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de09c39596599d62022-01-05 09:21:28.460root 11241100x80000000000000006862817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334bd222ed0036ec2022-01-05 09:21:28.460root 11241100x80000000000000006862818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0fab6bac7792bc2022-01-05 09:21:28.460root 11241100x80000000000000006862819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f356a86d6d22e3212022-01-05 09:21:28.460root 11241100x80000000000000006862820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cac0523fbfca0192022-01-05 09:21:28.460root 11241100x80000000000000006862821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654c8de2a951235d2022-01-05 09:21:28.460root 11241100x80000000000000006862822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086ef3230757f6d32022-01-05 09:21:28.461root 11241100x80000000000000006862823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b15356a5b18c78e2022-01-05 09:21:28.959root 11241100x80000000000000006862824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d359d8a657200c2022-01-05 09:21:28.959root 11241100x80000000000000006862825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aae3fc9c414c9d82022-01-05 09:21:28.959root 11241100x80000000000000006862826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cfcb938db0dcef2022-01-05 09:21:28.960root 11241100x80000000000000006862827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3faed3847fc5d112022-01-05 09:21:28.960root 11241100x80000000000000006862828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a39212b567a0d482022-01-05 09:21:28.960root 11241100x80000000000000006862829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b007a89e6642dd22022-01-05 09:21:28.960root 11241100x80000000000000006862830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8b2397b41b233b2022-01-05 09:21:28.960root 11241100x80000000000000006862831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd98f549d01afdc32022-01-05 09:21:28.960root 11241100x80000000000000006862832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278527296324b9fe2022-01-05 09:21:28.960root 11241100x80000000000000006862833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2659c54fc3e8faa12022-01-05 09:21:28.961root 11241100x80000000000000006862834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.402{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 09:21:29.402root 11241100x80000000000000006862835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9647027843f9eb172022-01-05 09:21:29.403root 11241100x80000000000000006862836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1557b529c206fd2022-01-05 09:21:29.403root 11241100x80000000000000006862837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49893bde554a0fa42022-01-05 09:21:29.403root 11241100x80000000000000006862838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3749c172edb83382022-01-05 09:21:29.403root 11241100x80000000000000006862839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e405cf4a234c76392022-01-05 09:21:29.403root 11241100x80000000000000006862840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f6f92fd0e8ecfe2022-01-05 09:21:29.404root 11241100x80000000000000006862841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f9f0d432778d6f2022-01-05 09:21:29.404root 11241100x80000000000000006862842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20aed68b074199742022-01-05 09:21:29.404root 11241100x80000000000000006862843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11af262f3bd279182022-01-05 09:21:29.404root 11241100x80000000000000006862844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c892f07ce2ea3d692022-01-05 09:21:29.404root 11241100x80000000000000006862845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b914a4ba450f8a9c2022-01-05 09:21:29.404root 11241100x80000000000000006862846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97b62c8a16297532022-01-05 09:21:29.404root 11241100x80000000000000006862847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a7062e7a6fcea12022-01-05 09:21:29.404root 11241100x80000000000000006862848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7260b7c7a7b3bc22022-01-05 09:21:29.404root 11241100x80000000000000006862849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40888e3e7f2610372022-01-05 09:21:29.709root 11241100x80000000000000006862850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcd6cb5c22f16932022-01-05 09:21:29.709root 11241100x80000000000000006862851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b141fd17c70f512022-01-05 09:21:29.710root 11241100x80000000000000006862852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacd97c702644a2e2022-01-05 09:21:29.710root 11241100x80000000000000006862853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68255263b9e9aa1c2022-01-05 09:21:29.711root 11241100x80000000000000006862854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c2264e6cab7bbb2022-01-05 09:21:29.711root 11241100x80000000000000006862855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af8c00e5b4660632022-01-05 09:21:29.711root 11241100x80000000000000006862856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af97cda77f4881492022-01-05 09:21:29.711root 11241100x80000000000000006862857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ceb5a3c352ebf22022-01-05 09:21:29.711root 11241100x80000000000000006862858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b043775a8a17fb8c2022-01-05 09:21:29.711root 11241100x80000000000000006862859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e37e80daa5fe632022-01-05 09:21:29.711root 11241100x80000000000000006862860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c362ec8556d43b2022-01-05 09:21:29.712root 11241100x80000000000000006862861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680842681d0026d92022-01-05 09:21:30.209root 11241100x80000000000000006862862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50358099dca7efc22022-01-05 09:21:30.209root 11241100x80000000000000006862863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ca0703653d86cc2022-01-05 09:21:30.210root 11241100x80000000000000006862864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011eeca5aa46ddb72022-01-05 09:21:30.210root 11241100x80000000000000006862865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72da1e3ed69f278f2022-01-05 09:21:30.210root 11241100x80000000000000006862866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d92ad0cea1de6642022-01-05 09:21:30.210root 11241100x80000000000000006862867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87bafe23624d0a82022-01-05 09:21:30.210root 11241100x80000000000000006862868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927dc82022d1d7f82022-01-05 09:21:30.210root 11241100x80000000000000006862869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277870a56d6aac9e2022-01-05 09:21:30.210root 11241100x80000000000000006862870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba05b1ffb2aec7542022-01-05 09:21:30.211root 11241100x80000000000000006862871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e844a770f507894e2022-01-05 09:21:30.211root 11241100x80000000000000006862872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4b9cc582bff0ab2022-01-05 09:21:30.211root 11241100x80000000000000006862873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a6a1b49ffa99472022-01-05 09:21:30.709root 11241100x80000000000000006862874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0cf757e7dd612712022-01-05 09:21:30.709root 11241100x80000000000000006862875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2d9ea35336883b2022-01-05 09:21:30.710root 11241100x80000000000000006862876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec174c78da99c652022-01-05 09:21:30.710root 11241100x80000000000000006862877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976f24590c923d432022-01-05 09:21:30.710root 11241100x80000000000000006862878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b977e1d1727a41442022-01-05 09:21:30.710root 11241100x80000000000000006862879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1ce8248ab84a112022-01-05 09:21:30.710root 11241100x80000000000000006862880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1530a6b987b15b242022-01-05 09:21:30.710root 11241100x80000000000000006862881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feac32797138048f2022-01-05 09:21:30.711root 11241100x80000000000000006862882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28bb532d9a5eed42022-01-05 09:21:30.711root 11241100x80000000000000006862883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d43f81fffcdd9952022-01-05 09:21:30.711root 11241100x80000000000000006862884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5268810d93d18662022-01-05 09:21:30.711root 354300x80000000000000006862885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.144{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-40722-false10.0.1.12-8000- 11241100x80000000000000006862886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.145{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fe9fc62d0c5fea2022-01-05 09:21:31.145root 11241100x80000000000000006862887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.145{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.088fa7c4172958822022-01-05 09:21:31.145root 11241100x80000000000000006862888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6e2bec89cc03ab2022-01-05 09:21:31.146root 11241100x80000000000000006862889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c99ee9c7e3924172022-01-05 09:21:31.146root 11241100x80000000000000006862890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3b4168ec2302562022-01-05 09:21:31.146root 11241100x80000000000000006862891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff70cadead8a7ef2022-01-05 09:21:31.146root 11241100x80000000000000006862892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.146{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1db3964d3196632022-01-05 09:21:31.146root 11241100x80000000000000006862893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bb788c83e5ab942022-01-05 09:21:31.147root 11241100x80000000000000006862894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470390d6628213472022-01-05 09:21:31.147root 11241100x80000000000000006862895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6227ac659be14152022-01-05 09:21:31.147root 11241100x80000000000000006862896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286a853b5729e7182022-01-05 09:21:31.147root 11241100x80000000000000006862897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffca6d39cfc429612022-01-05 09:21:31.147root 11241100x80000000000000006862898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.147{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e863837f6e25a83e2022-01-05 09:21:31.147root 11241100x80000000000000006862899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b14bf5deaa015dc2022-01-05 09:21:31.459root 11241100x80000000000000006862900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b33d2ffea9c8df2022-01-05 09:21:31.460root 11241100x80000000000000006862901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b49f1a29623ecb02022-01-05 09:21:31.460root 11241100x80000000000000006862902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54946d7d39731042022-01-05 09:21:31.460root 11241100x80000000000000006862903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6972293a17fc0502022-01-05 09:21:31.460root 11241100x80000000000000006862904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb86d995f7e5d252022-01-05 09:21:31.460root 11241100x80000000000000006862905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43867425c17fb9312022-01-05 09:21:31.460root 11241100x80000000000000006862906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c147377403458dc52022-01-05 09:21:31.460root 11241100x80000000000000006862907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636814f1a621f5a12022-01-05 09:21:31.460root 11241100x80000000000000006862908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765bc8a9d6a7534f2022-01-05 09:21:31.460root 11241100x80000000000000006862909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2a23abcfa965bc2022-01-05 09:21:31.460root 11241100x80000000000000006862910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e01be12ae5105322022-01-05 09:21:31.460root 11241100x80000000000000006862911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a38228f1ecd7bb2022-01-05 09:21:31.460root 11241100x80000000000000006862912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e2a705b8aef73f2022-01-05 09:21:31.959root 11241100x80000000000000006862913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06da4b40d9e09fba2022-01-05 09:21:31.959root 11241100x80000000000000006862914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd1c9ae634aa4d32022-01-05 09:21:31.959root 11241100x80000000000000006862915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65210fb6ea84f5c2022-01-05 09:21:31.960root 11241100x80000000000000006862916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb668d203a3344262022-01-05 09:21:31.960root 11241100x80000000000000006862917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6cfeaebfcfd0922022-01-05 09:21:31.960root 11241100x80000000000000006862918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3670133869422eb2022-01-05 09:21:31.960root 11241100x80000000000000006862919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1b0898c47165762022-01-05 09:21:31.960root 11241100x80000000000000006862920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59bcd853ba785bc2022-01-05 09:21:31.960root 11241100x80000000000000006862921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68f7e5a9b229da32022-01-05 09:21:31.960root 11241100x80000000000000006862922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fa67f3d051a8df2022-01-05 09:21:31.960root 11241100x80000000000000006862923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea84efaff593be32022-01-05 09:21:31.960root 11241100x80000000000000006862924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:31.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e28b64351279822022-01-05 09:21:31.961root 23542300x80000000000000006862925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.402{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006862926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c315fab60e3ebaf2022-01-05 09:21:32.403root 11241100x80000000000000006862927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.403{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290f8b2ae168a6772022-01-05 09:21:32.403root 11241100x80000000000000006862928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afea7bc2f4f1bcd2022-01-05 09:21:32.404root 11241100x80000000000000006862929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.404{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5a0b181a72a1112022-01-05 09:21:32.404root 11241100x80000000000000006862930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5cb1179867244a2022-01-05 09:21:32.405root 11241100x80000000000000006862931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611e423f5c32093c2022-01-05 09:21:32.405root 11241100x80000000000000006862932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.405{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef473a962e9649c2022-01-05 09:21:32.405root 11241100x80000000000000006862933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.406{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6628748e37190c7e2022-01-05 09:21:32.406root 11241100x80000000000000006862934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.406{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c56daaef667e0f2022-01-05 09:21:32.406root 11241100x80000000000000006862935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.406{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f487b05f9049e412022-01-05 09:21:32.406root 11241100x80000000000000006862936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.406{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6328fa66855374ee2022-01-05 09:21:32.406root 11241100x80000000000000006862937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.406{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2330dc93c94bfc2a2022-01-05 09:21:32.406root 11241100x80000000000000006862938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.407{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ae11610595051c2022-01-05 09:21:32.407root 11241100x80000000000000006862939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.407{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e25baea921ffa82022-01-05 09:21:32.407root 11241100x80000000000000006862940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.407{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe5a935a959dd5a2022-01-05 09:21:32.407root 11241100x80000000000000006862941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0e9e4b5d136d272022-01-05 09:21:32.709root 11241100x80000000000000006862942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15bfac781b4107a2022-01-05 09:21:32.709root 11241100x80000000000000006862943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedeef2f509fbb6e2022-01-05 09:21:32.710root 11241100x80000000000000006862944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3580c7fa52d2e6592022-01-05 09:21:32.710root 11241100x80000000000000006862945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1051fecf0fd2fe782022-01-05 09:21:32.710root 11241100x80000000000000006862946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68868ddc27c3ac772022-01-05 09:21:32.710root 11241100x80000000000000006862947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e9f01de9b89fd52022-01-05 09:21:32.710root 11241100x80000000000000006862948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39ca271c59ad5182022-01-05 09:21:32.710root 11241100x80000000000000006862949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10c5520f0d3c5062022-01-05 09:21:32.710root 11241100x80000000000000006862950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c24d8cd889d26ce2022-01-05 09:21:32.710root 11241100x80000000000000006862951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd49087c6aed42a42022-01-05 09:21:32.710root 11241100x80000000000000006862952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcbdf96733896962022-01-05 09:21:32.710root 11241100x80000000000000006862953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a404c14a6476b7a2022-01-05 09:21:32.710root 11241100x80000000000000006862954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bfbb89cb76792b2022-01-05 09:21:32.710root 11241100x80000000000000006862955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8592e37f6703e1162022-01-05 09:21:33.209root 11241100x80000000000000006862956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf51916f51b3a8c2022-01-05 09:21:33.209root 11241100x80000000000000006862957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce9d6d290fb20b72022-01-05 09:21:33.210root 11241100x80000000000000006862958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9245dad44731d8792022-01-05 09:21:33.210root 11241100x80000000000000006862959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb36a7fca23f0902022-01-05 09:21:33.210root 11241100x80000000000000006862960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e19a5b3c41cf2452022-01-05 09:21:33.210root 11241100x80000000000000006862961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78ae36bf688a32d2022-01-05 09:21:33.210root 11241100x80000000000000006862962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d28bd5dcefd5912022-01-05 09:21:33.210root 11241100x80000000000000006862963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455d74190534734b2022-01-05 09:21:33.210root 11241100x80000000000000006862964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4e806ea901fae62022-01-05 09:21:33.210root 11241100x80000000000000006862965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4f63677be242022022-01-05 09:21:33.210root 11241100x80000000000000006862966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64b024f7baf20fe2022-01-05 09:21:33.210root 11241100x80000000000000006862967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88240cf3bb52edd2022-01-05 09:21:33.211root 11241100x80000000000000006862968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1133626a6528b9f2022-01-05 09:21:33.211root 354300x80000000000000006862969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.447{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-41204-false10.0.1.12-8089- 11241100x80000000000000006862970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ea1e22c61ed4222022-01-05 09:21:33.709root 11241100x80000000000000006862971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac35a391be602f62022-01-05 09:21:33.709root 11241100x80000000000000006862972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1e740f471e9bbf2022-01-05 09:21:33.709root 11241100x80000000000000006862973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d87c154e527a6ed2022-01-05 09:21:33.709root 11241100x80000000000000006862974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db3d23d2a1527f82022-01-05 09:21:33.709root 11241100x80000000000000006862975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfc804a6e2f15972022-01-05 09:21:33.710root 11241100x80000000000000006862976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad15595ae8dbb8b32022-01-05 09:21:33.710root 11241100x80000000000000006862977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802c9cc915aa0fcb2022-01-05 09:21:33.710root 11241100x80000000000000006862978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d443c52b7916b9502022-01-05 09:21:33.710root 11241100x80000000000000006862979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d97ffdc4d9637bc2022-01-05 09:21:33.710root 11241100x80000000000000006862980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94474f8b2211c112022-01-05 09:21:33.710root 11241100x80000000000000006862981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb83050a07db9ae2022-01-05 09:21:33.710root 11241100x80000000000000006862982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f03b93f32160912022-01-05 09:21:33.710root 11241100x80000000000000006862983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 09:21:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd