11241100x80000000000000006953038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f51474978c4a17a2022-01-05 10:00:39.209root 11241100x80000000000000006953039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9acf7793c9ae002022-01-05 10:00:39.210root 11241100x80000000000000006953040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3686354038cf7ccb2022-01-05 10:00:39.210root 11241100x80000000000000006953041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30eb96321385e882022-01-05 10:00:39.210root 11241100x80000000000000006953042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c48c3a8eb37e35c2022-01-05 10:00:39.210root 11241100x80000000000000006953043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515d0b8dcbf628cb2022-01-05 10:00:39.210root 11241100x80000000000000006953044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3653550f8d92952022-01-05 10:00:39.210root 11241100x80000000000000006953045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e756f396a70da702022-01-05 10:00:39.210root 11241100x80000000000000006953046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74702e5ffa87c3df2022-01-05 10:00:39.210root 11241100x80000000000000006953047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d578d1abd1378902022-01-05 10:00:39.210root 11241100x80000000000000006953048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5195b6f977b453d32022-01-05 10:00:39.210root 11241100x80000000000000006953049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f58dfa4855bcb462022-01-05 10:00:39.210root 11241100x80000000000000006953050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd55b2a3f606b0b2022-01-05 10:00:39.210root 11241100x80000000000000006953051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39d62ac9bdb8bc42022-01-05 10:00:39.210root 11241100x80000000000000006953052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8278a10b31c7442022-01-05 10:00:39.210root 11241100x80000000000000006953053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9938e245d03a7d7b2022-01-05 10:00:39.709root 11241100x80000000000000006953054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a847ce10ad33fd2022-01-05 10:00:39.710root 11241100x80000000000000006953055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1688f1a6b4626c932022-01-05 10:00:39.710root 11241100x80000000000000006953056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee9f19572dbcc242022-01-05 10:00:39.710root 11241100x80000000000000006953057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d054b8f7473eb882022-01-05 10:00:39.710root 11241100x80000000000000006953058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c08b467586a05262022-01-05 10:00:39.710root 11241100x80000000000000006953059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a50ed344f1acd472022-01-05 10:00:39.710root 11241100x80000000000000006953060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595cb167cd3f88622022-01-05 10:00:39.710root 11241100x80000000000000006953061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d83aaeb6a342212022-01-05 10:00:39.710root 11241100x80000000000000006953062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d7f7f0eb2ae6db2022-01-05 10:00:39.710root 11241100x80000000000000006953063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9eb1d3d048f6ff2022-01-05 10:00:39.710root 11241100x80000000000000006953064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e93c59bd65fb0b2022-01-05 10:00:39.710root 11241100x80000000000000006953065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1d13205acb27f32022-01-05 10:00:39.710root 11241100x80000000000000006953066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c51e4254c8f4f22022-01-05 10:00:39.710root 11241100x80000000000000006953067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ba16fc972405dc2022-01-05 10:00:39.710root 11241100x80000000000000006953068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec8c9fc146d68dc2022-01-05 10:00:40.209root 11241100x80000000000000006953069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd607981631caa42022-01-05 10:00:40.210root 11241100x80000000000000006953070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99613ff79b3d9322022-01-05 10:00:40.210root 11241100x80000000000000006953071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036450211547135b2022-01-05 10:00:40.210root 11241100x80000000000000006953072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4d2e00a6b1ed032022-01-05 10:00:40.210root 11241100x80000000000000006953073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d6fd7a09891da02022-01-05 10:00:40.210root 11241100x80000000000000006953074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1af3d77a92bc3a2022-01-05 10:00:40.210root 11241100x80000000000000006953075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82648dafd8def9fd2022-01-05 10:00:40.210root 11241100x80000000000000006953076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9681d2db2b134a3b2022-01-05 10:00:40.210root 11241100x80000000000000006953077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7aaaf14c9729342022-01-05 10:00:40.210root 11241100x80000000000000006953078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e02738cbb5cd9482022-01-05 10:00:40.210root 11241100x80000000000000006953079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b407e4e67db58252022-01-05 10:00:40.210root 11241100x80000000000000006953080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb69e368805e21d2022-01-05 10:00:40.210root 11241100x80000000000000006953081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720dd9c13066a8e52022-01-05 10:00:40.210root 11241100x80000000000000006953082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69e046393a7028a2022-01-05 10:00:40.210root 11241100x80000000000000006953083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bafe0d167ed1582022-01-05 10:00:40.709root 11241100x80000000000000006953084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f205dc6c179312c72022-01-05 10:00:40.710root 11241100x80000000000000006953085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64d529cf8a467e32022-01-05 10:00:40.710root 11241100x80000000000000006953086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728feb3d0a3f70bb2022-01-05 10:00:40.710root 11241100x80000000000000006953087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250ea3cc08c457732022-01-05 10:00:40.710root 11241100x80000000000000006953088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b67d7d31e601992022-01-05 10:00:40.710root 11241100x80000000000000006953089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06623cb82a0635352022-01-05 10:00:40.710root 11241100x80000000000000006953090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295c0bac8f4f668d2022-01-05 10:00:40.710root 11241100x80000000000000006953091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486424ba750f0d9a2022-01-05 10:00:40.710root 11241100x80000000000000006953092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7226eb547791d62022-01-05 10:00:40.710root 11241100x80000000000000006953093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fecdd6f4cb38dc2022-01-05 10:00:40.710root 11241100x80000000000000006953094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc606c13ae0964522022-01-05 10:00:40.710root 11241100x80000000000000006953095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb625f5aeacec072022-01-05 10:00:40.710root 11241100x80000000000000006953096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be06b8d2492d32f2022-01-05 10:00:40.710root 11241100x80000000000000006953097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5bdafbf44e9d162022-01-05 10:00:40.710root 11241100x80000000000000006953098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a16c35b4a7ee3982022-01-05 10:00:41.209root 11241100x80000000000000006953099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df560a4074ce193e2022-01-05 10:00:41.210root 11241100x80000000000000006953100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4dd235ef8eda442022-01-05 10:00:41.210root 11241100x80000000000000006953101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed0935f16f0af7c2022-01-05 10:00:41.210root 11241100x80000000000000006953102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea153ca573806712022-01-05 10:00:41.210root 11241100x80000000000000006953103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1857922deca1de8d2022-01-05 10:00:41.210root 11241100x80000000000000006953104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df46bb6f66368e682022-01-05 10:00:41.210root 11241100x80000000000000006953105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8da582fa58cb4382022-01-05 10:00:41.210root 11241100x80000000000000006953106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f06896817b79ed2022-01-05 10:00:41.210root 11241100x80000000000000006953107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67227c29a68c49d02022-01-05 10:00:41.210root 11241100x80000000000000006953108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd852c62f3f427662022-01-05 10:00:41.210root 11241100x80000000000000006953109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b041f6505bebd6082022-01-05 10:00:41.210root 11241100x80000000000000006953110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5143b1069de8f12022-01-05 10:00:41.210root 11241100x80000000000000006953111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91b42206283dd6f2022-01-05 10:00:41.210root 11241100x80000000000000006953112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c527cbb280ea4f5f2022-01-05 10:00:41.211root 11241100x80000000000000006953113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31df290b13013992022-01-05 10:00:41.709root 11241100x80000000000000006953114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2434ba5542c96bd72022-01-05 10:00:41.710root 11241100x80000000000000006953115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4626a28848043862022-01-05 10:00:41.710root 11241100x80000000000000006953116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96854e25a1a531ec2022-01-05 10:00:41.710root 11241100x80000000000000006953117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c25cb5731a8f0722022-01-05 10:00:41.710root 11241100x80000000000000006953118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06aa904634105ea92022-01-05 10:00:41.710root 11241100x80000000000000006953119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc08b46ee2e36282022-01-05 10:00:41.710root 11241100x80000000000000006953120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649d36415db8f17d2022-01-05 10:00:41.710root 11241100x80000000000000006953121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5979309c7b61c382022-01-05 10:00:41.710root 11241100x80000000000000006953122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc7f24cabdb040d2022-01-05 10:00:41.710root 11241100x80000000000000006953123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f996abfe1995a92022-01-05 10:00:41.710root 11241100x80000000000000006953124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4585cfd8371fef2022-01-05 10:00:41.710root 11241100x80000000000000006953125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0168014949ccb04d2022-01-05 10:00:41.710root 11241100x80000000000000006953126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f530f7d399d8660c2022-01-05 10:00:41.710root 11241100x80000000000000006953127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92578ba11481150a2022-01-05 10:00:41.711root 11241100x80000000000000006953128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc1f772b89fc6252022-01-05 10:00:42.210root 11241100x80000000000000006953129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea0457b186f69372022-01-05 10:00:42.210root 11241100x80000000000000006953130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fcf4bc66be1ab22022-01-05 10:00:42.210root 11241100x80000000000000006953131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5a2ad4c0b79cc52022-01-05 10:00:42.210root 11241100x80000000000000006953132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd22f94692d1c35d2022-01-05 10:00:42.210root 11241100x80000000000000006953133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496e5987d7816a572022-01-05 10:00:42.210root 11241100x80000000000000006953134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890c839e8a6f77e02022-01-05 10:00:42.210root 11241100x80000000000000006953135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f122f2516ea2c6ff2022-01-05 10:00:42.210root 11241100x80000000000000006953136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54b57ce129dab792022-01-05 10:00:42.210root 11241100x80000000000000006953137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4398df8b0504715e2022-01-05 10:00:42.210root 11241100x80000000000000006953138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72419ff702ec3a5a2022-01-05 10:00:42.210root 11241100x80000000000000006953139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce7a6bbcc8c12fb2022-01-05 10:00:42.210root 11241100x80000000000000006953140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96387c8f3e261d9f2022-01-05 10:00:42.210root 11241100x80000000000000006953141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b72e8a7991206fb2022-01-05 10:00:42.210root 11241100x80000000000000006953142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27deea84d413c0172022-01-05 10:00:42.211root 11241100x80000000000000006953143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6460695422db64222022-01-05 10:00:42.709root 11241100x80000000000000006953144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78938181f8ce4e6d2022-01-05 10:00:42.710root 11241100x80000000000000006953145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dedabb27616b76f2022-01-05 10:00:42.710root 11241100x80000000000000006953146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8731f356280bb0322022-01-05 10:00:42.710root 11241100x80000000000000006953147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3366b57c090718d12022-01-05 10:00:42.710root 11241100x80000000000000006953148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3e0f227632cc5c2022-01-05 10:00:42.710root 11241100x80000000000000006953149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacee56b0d3d2d252022-01-05 10:00:42.710root 11241100x80000000000000006953150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17aa40ed9afc5322022-01-05 10:00:42.710root 11241100x80000000000000006953151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb58b0a984c06ca42022-01-05 10:00:42.710root 11241100x80000000000000006953152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5601291b820e31002022-01-05 10:00:42.710root 11241100x80000000000000006953153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcad84faa98a7dfb2022-01-05 10:00:42.710root 11241100x80000000000000006953154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf035aded58ce0a72022-01-05 10:00:42.710root 11241100x80000000000000006953155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06394d0851aa96102022-01-05 10:00:42.710root 11241100x80000000000000006953156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba3fb703fa434732022-01-05 10:00:42.710root 11241100x80000000000000006953157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e4278ea7d738a82022-01-05 10:00:42.710root 11241100x80000000000000006953158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf94d704ae94397f2022-01-05 10:00:43.209root 11241100x80000000000000006953159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a291b9a41d6d2ce2022-01-05 10:00:43.210root 11241100x80000000000000006953160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1b1bfcb87756322022-01-05 10:00:43.210root 11241100x80000000000000006953161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99a378173eecc1c2022-01-05 10:00:43.210root 11241100x80000000000000006953162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a096be9449837fd2022-01-05 10:00:43.210root 11241100x80000000000000006953163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4b35b2f182b1a32022-01-05 10:00:43.210root 11241100x80000000000000006953164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595f1ebc46bb4fe42022-01-05 10:00:43.210root 11241100x80000000000000006953165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09703ec169fef3662022-01-05 10:00:43.210root 11241100x80000000000000006953166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf17d6e8f5473ede2022-01-05 10:00:43.210root 11241100x80000000000000006953167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9969d4d497436ad2022-01-05 10:00:43.210root 11241100x80000000000000006953168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f335cb7d0d8f2b2022-01-05 10:00:43.211root 11241100x80000000000000006953169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2ff353303c31552022-01-05 10:00:43.211root 11241100x80000000000000006953170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f9bc2a5685e0fa2022-01-05 10:00:43.211root 11241100x80000000000000006953171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e6a8161261965c2022-01-05 10:00:43.211root 11241100x80000000000000006953172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900ba1b12bde08022022-01-05 10:00:43.211root 11241100x80000000000000006953173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3b4533ca3aa03a2022-01-05 10:00:43.710root 11241100x80000000000000006953174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d442d32f9b231b2022-01-05 10:00:43.710root 11241100x80000000000000006953175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3f8bc3489d74232022-01-05 10:00:43.710root 11241100x80000000000000006953176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8053d3e5d673cf2022-01-05 10:00:43.710root 11241100x80000000000000006953177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2c912b066f03cb2022-01-05 10:00:43.711root 11241100x80000000000000006953178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d862571196a2c92022-01-05 10:00:43.711root 11241100x80000000000000006953179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1b199b1e7aec902022-01-05 10:00:43.711root 11241100x80000000000000006953180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9300eb99e41e702022-01-05 10:00:43.711root 11241100x80000000000000006953181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1bae30782157682022-01-05 10:00:43.711root 11241100x80000000000000006953182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0732d08e988b9eef2022-01-05 10:00:43.712root 11241100x80000000000000006953183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d3621ec1c53e932022-01-05 10:00:43.712root 11241100x80000000000000006953184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6560b09d3be9d4fa2022-01-05 10:00:43.712root 11241100x80000000000000006953185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eae986d03067ed12022-01-05 10:00:43.712root 11241100x80000000000000006953186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc43807c78d327b2022-01-05 10:00:43.712root 11241100x80000000000000006953187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fb3aab258107372022-01-05 10:00:43.712root 354300x80000000000000006953188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.125{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41668-false10.0.1.12-8000- 11241100x80000000000000006953189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.126{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c935703e6b00d52022-01-05 10:00:44.126root 11241100x80000000000000006953190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.126{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9df6059253182372022-01-05 10:00:44.126root 11241100x80000000000000006953191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.126{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb09f0be0b0036ac2022-01-05 10:00:44.126root 11241100x80000000000000006953192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.126{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f7381ed7171ef32022-01-05 10:00:44.126root 11241100x80000000000000006953193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.127{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac64cd6098931362022-01-05 10:00:44.127root 11241100x80000000000000006953194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.127{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad16edea517aba72022-01-05 10:00:44.127root 11241100x80000000000000006953195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.127{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27e7f155689c8302022-01-05 10:00:44.127root 11241100x80000000000000006953196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.127{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59c4c63f7f2efb02022-01-05 10:00:44.127root 11241100x80000000000000006953197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.128{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fdb08c758986662022-01-05 10:00:44.128root 11241100x80000000000000006953198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.128{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22460a820dfde042022-01-05 10:00:44.128root 11241100x80000000000000006953199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.128{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b4f423e9048b392022-01-05 10:00:44.128root 11241100x80000000000000006953200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.128{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f796d94bb3f0cbb2022-01-05 10:00:44.128root 11241100x80000000000000006953201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.128{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7146e047ec6438942022-01-05 10:00:44.128root 11241100x80000000000000006953202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.129{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655e51171e8803ac2022-01-05 10:00:44.129root 11241100x80000000000000006953203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.129{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ef802fb12478c72022-01-05 10:00:44.129root 11241100x80000000000000006953204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.129{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6cbb9a2aacd3fa2022-01-05 10:00:44.129root 11241100x80000000000000006953205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.129{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50df1902073d20a2022-01-05 10:00:44.129root 11241100x80000000000000006953206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.129{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fa0e12839e8aa12022-01-05 10:00:44.129root 11241100x80000000000000006953207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc71d9d29bb1a5b2022-01-05 10:00:44.459root 11241100x80000000000000006953208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9def6449475a862022-01-05 10:00:44.460root 11241100x80000000000000006953209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d18bf48bfcaf492022-01-05 10:00:44.460root 11241100x80000000000000006953210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab2a5033788fc632022-01-05 10:00:44.460root 11241100x80000000000000006953211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0926beb942cb6b72022-01-05 10:00:44.460root 11241100x80000000000000006953212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06365379fd7739fb2022-01-05 10:00:44.460root 11241100x80000000000000006953213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa79fcc511e0652c2022-01-05 10:00:44.460root 11241100x80000000000000006953214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f1b0a3ba99a2a32022-01-05 10:00:44.460root 11241100x80000000000000006953215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6e28bb51db78ae2022-01-05 10:00:44.460root 11241100x80000000000000006953216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80e8a1286c9747c2022-01-05 10:00:44.460root 11241100x80000000000000006953217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a671514b8cb9836f2022-01-05 10:00:44.460root 11241100x80000000000000006953218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077b787b83992c042022-01-05 10:00:44.461root 11241100x80000000000000006953219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9221b824bcba632022-01-05 10:00:44.461root 11241100x80000000000000006953220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cdb4783322407b2022-01-05 10:00:44.461root 11241100x80000000000000006953221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6b955fdfa5e4992022-01-05 10:00:44.461root 11241100x80000000000000006953222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdae37fc2a6ca6a42022-01-05 10:00:44.461root 11241100x80000000000000006953223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa329b9d49e1f502022-01-05 10:00:44.959root 11241100x80000000000000006953224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47063da92f7590a02022-01-05 10:00:44.960root 11241100x80000000000000006953225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a68e45fa5c50402022-01-05 10:00:44.960root 11241100x80000000000000006953226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34aa280f65dddd4e2022-01-05 10:00:44.960root 11241100x80000000000000006953227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947a3b815042696e2022-01-05 10:00:44.960root 11241100x80000000000000006953228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50405352506b27e62022-01-05 10:00:44.960root 11241100x80000000000000006953229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63417742c44666942022-01-05 10:00:44.960root 11241100x80000000000000006953230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20d24dea4e17c812022-01-05 10:00:44.960root 11241100x80000000000000006953231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e10394b3a656722022-01-05 10:00:44.960root 11241100x80000000000000006953232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445f909237053c542022-01-05 10:00:44.960root 11241100x80000000000000006953233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d507a55f5827f9e32022-01-05 10:00:44.960root 11241100x80000000000000006953234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbf3b32e23690ee2022-01-05 10:00:44.961root 11241100x80000000000000006953235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff07c3debc196032022-01-05 10:00:44.961root 11241100x80000000000000006953236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3a50b2521297282022-01-05 10:00:44.961root 11241100x80000000000000006953237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5613dc53aa7e7ea12022-01-05 10:00:44.961root 11241100x80000000000000006953238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8c73eb230e59512022-01-05 10:00:44.961root 11241100x80000000000000006953239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2ee1d8c19d036e2022-01-05 10:00:45.459root 11241100x80000000000000006953240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5dfd955c30d28f2022-01-05 10:00:45.460root 11241100x80000000000000006953241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033f3369592c2ff02022-01-05 10:00:45.460root 11241100x80000000000000006953242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1e1121a3eb7a4a2022-01-05 10:00:45.460root 11241100x80000000000000006953243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea3171973a3df4e2022-01-05 10:00:45.460root 11241100x80000000000000006953244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f67fbb9620aee82022-01-05 10:00:45.460root 11241100x80000000000000006953245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ee5b568c8ba31b2022-01-05 10:00:45.460root 11241100x80000000000000006953246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f79bf557bab4d922022-01-05 10:00:45.460root 11241100x80000000000000006953247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87bafa9f19b367a2022-01-05 10:00:45.460root 11241100x80000000000000006953248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3bbfa6718f821452022-01-05 10:00:45.460root 11241100x80000000000000006953249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e544db4fe1884c582022-01-05 10:00:45.460root 11241100x80000000000000006953250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51946c93a389593b2022-01-05 10:00:45.460root 11241100x80000000000000006953251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8d39756ff93dad2022-01-05 10:00:45.460root 11241100x80000000000000006953252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fe0b6c4529a4d22022-01-05 10:00:45.460root 11241100x80000000000000006953253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed724386020880992022-01-05 10:00:45.460root 11241100x80000000000000006953254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f178cb9b50da5fee2022-01-05 10:00:45.460root 11241100x80000000000000006953255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a87a08d0f2991272022-01-05 10:00:45.959root 11241100x80000000000000006953256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f24e1b529f3ceb92022-01-05 10:00:45.960root 11241100x80000000000000006953257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9bec6878d875d42022-01-05 10:00:45.960root 11241100x80000000000000006953258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a913517a630cb8df2022-01-05 10:00:45.960root 11241100x80000000000000006953259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b177e73af394902022-01-05 10:00:45.960root 11241100x80000000000000006953260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf2a5baa53b1b392022-01-05 10:00:45.960root 11241100x80000000000000006953261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95296e3757980cbc2022-01-05 10:00:45.960root 11241100x80000000000000006953262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a31347a618306662022-01-05 10:00:45.960root 11241100x80000000000000006953263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a10c1db7bb449e2022-01-05 10:00:45.960root 11241100x80000000000000006953264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4831303d7acd73d2022-01-05 10:00:45.960root 11241100x80000000000000006953265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d0034b7526e54c2022-01-05 10:00:45.960root 11241100x80000000000000006953266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830e0258a77e852b2022-01-05 10:00:45.960root 11241100x80000000000000006953267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59519175d29b9b172022-01-05 10:00:45.960root 11241100x80000000000000006953268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f9b04f0cd299e52022-01-05 10:00:45.960root 11241100x80000000000000006953269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8801a376bd613be52022-01-05 10:00:45.960root 11241100x80000000000000006953270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9a558879d0424a2022-01-05 10:00:45.961root 154100x80000000000000006953271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.449{ec2e79f3-6c4e-61d5-6814-0b7545560000}23001/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 11241100x80000000000000006953272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40910e327f916edf2022-01-05 10:00:46.451root 11241100x80000000000000006953273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e66445203380fbc2022-01-05 10:00:46.451root 11241100x80000000000000006953274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b6dc6e4e093d062022-01-05 10:00:46.451root 11241100x80000000000000006953275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af660c6e56aa086e2022-01-05 10:00:46.451root 11241100x80000000000000006953276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078306f6b33a4af62022-01-05 10:00:46.451root 11241100x80000000000000006953277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc75d9bb6e4248c22022-01-05 10:00:46.451root 11241100x80000000000000006953278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b38470a07ca4fc12022-01-05 10:00:46.451root 11241100x80000000000000006953279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969e3968415518aa2022-01-05 10:00:46.451root 11241100x80000000000000006953280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9aa44a79632b5472022-01-05 10:00:46.451root 11241100x80000000000000006953281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7fc6347984a8bf2022-01-05 10:00:46.451root 11241100x80000000000000006953282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ee282a6d88eafc2022-01-05 10:00:46.451root 11241100x80000000000000006953283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9fa14fce47a82a2022-01-05 10:00:46.451root 11241100x80000000000000006953284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb472b5ee9ba0e72022-01-05 10:00:46.451root 11241100x80000000000000006953285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.451{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85cb13d9f8cd61b2022-01-05 10:00:46.451root 11241100x80000000000000006953286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8997e85e07d4199c2022-01-05 10:00:46.452root 11241100x80000000000000006953287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b965db8083a5b0e2022-01-05 10:00:46.452root 11241100x80000000000000006953288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54f20f53b73ff182022-01-05 10:00:46.452root 11241100x80000000000000006953289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb54943f8223f7232022-01-05 10:00:46.452root 11241100x80000000000000006953290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fef6f8007421ebe2022-01-05 10:00:46.452root 11241100x80000000000000006953291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b1ca0f68752b122022-01-05 10:00:46.452root 11241100x80000000000000006953292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60cb961acde13272022-01-05 10:00:46.452root 11241100x80000000000000006953293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21dedda2472e31f2022-01-05 10:00:46.452root 11241100x80000000000000006953294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d975ed5151b11c02022-01-05 10:00:46.452root 11241100x80000000000000006953295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4817506653e343e82022-01-05 10:00:46.452root 11241100x80000000000000006953296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c06ef1ff62d5fc62022-01-05 10:00:46.452root 11241100x80000000000000006953297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ed63c8773297e62022-01-05 10:00:46.452root 11241100x80000000000000006953298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.452{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9fdc94b047d94d2022-01-05 10:00:46.452root 11241100x80000000000000006953299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.453{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed162f712c5b1df2022-01-05 10:00:46.453root 11241100x80000000000000006953300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.453{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94080ce4a9b7140c2022-01-05 10:00:46.453root 11241100x80000000000000006953301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.453{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f491864e4d8239032022-01-05 10:00:46.453root 11241100x80000000000000006953302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.453{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7568e44bf81dd442022-01-05 10:00:46.453root 11241100x80000000000000006953303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.453{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779abacbbda9fd262022-01-05 10:00:46.453root 11241100x80000000000000006953304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.453{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609d39e12d5d24c52022-01-05 10:00:46.453root 11241100x80000000000000006953305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.453{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b57dd983742bf722022-01-05 10:00:46.453root 11241100x80000000000000006953306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.454{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bc76180e9045592022-01-05 10:00:46.454root 11241100x80000000000000006953307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.454{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7e0b01fc9c8b9f2022-01-05 10:00:46.454root 11241100x80000000000000006953308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.454{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187a13e1eefe64202022-01-05 10:00:46.454root 11241100x80000000000000006953309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.454{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5884f5ff160f1ce72022-01-05 10:00:46.454root 11241100x80000000000000006953310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.454{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4d569b029f5de22022-01-05 10:00:46.454root 11241100x80000000000000006953311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.454{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdff62ef2d6dcd92022-01-05 10:00:46.454root 11241100x80000000000000006953312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.454{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b694740c32785c12022-01-05 10:00:46.454root 11241100x80000000000000006953313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.455{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a92694ed3900ea2022-01-05 10:00:46.455root 11241100x80000000000000006953314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.455{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c068dc5b92514d92022-01-05 10:00:46.455root 11241100x80000000000000006953315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.455{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6b2cbcacb01dc42022-01-05 10:00:46.455root 11241100x80000000000000006953316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.455{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233b1b421a5d752b2022-01-05 10:00:46.455root 11241100x80000000000000006953317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.455{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9b4507f4fc27092022-01-05 10:00:46.455root 11241100x80000000000000006953318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.455{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d377f768162a98f12022-01-05 10:00:46.455root 11241100x80000000000000006953319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.455{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26acc0fafa1022522022-01-05 10:00:46.455root 11241100x80000000000000006953320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.455{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab0e313751faa6f2022-01-05 10:00:46.455root 534500x80000000000000006953321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.474{ec2e79f3-6c4e-61d5-6814-0b7545560000}23001/bin/psroot 11241100x80000000000000006953322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674e492bdcdb67b22022-01-05 10:00:46.709root 11241100x80000000000000006953323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a8eba24fa9293d2022-01-05 10:00:46.710root 11241100x80000000000000006953324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49119c6d1d255aa2022-01-05 10:00:46.710root 11241100x80000000000000006953325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f541a3fc047e002022-01-05 10:00:46.710root 11241100x80000000000000006953326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd20987054b6b422022-01-05 10:00:46.710root 11241100x80000000000000006953327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad51c7542e251c32022-01-05 10:00:46.710root 11241100x80000000000000006953328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cd629a95c8ac4a2022-01-05 10:00:46.710root 11241100x80000000000000006953329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580a77f0bad94f692022-01-05 10:00:46.710root 11241100x80000000000000006953330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921abb7a83b7b0692022-01-05 10:00:46.710root 11241100x80000000000000006953331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2970f7b835acad2022-01-05 10:00:46.710root 11241100x80000000000000006953332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75002e5453dffad92022-01-05 10:00:46.710root 11241100x80000000000000006953333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6f6ca332805b342022-01-05 10:00:46.710root 11241100x80000000000000006953334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468ecc2a8555f0642022-01-05 10:00:46.710root 11241100x80000000000000006953335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf6c520a30d91e12022-01-05 10:00:46.710root 11241100x80000000000000006953336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f2496ba06bc7e42022-01-05 10:00:46.710root 11241100x80000000000000006953337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60477f214b1ae2af2022-01-05 10:00:46.711root 11241100x80000000000000006953338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c68ee40a82fbcc2022-01-05 10:00:46.711root 11241100x80000000000000006953339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:46.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ddaf0919f925b02022-01-05 10:00:46.711root 11241100x80000000000000006953340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea17fd04d48bcfc2022-01-05 10:00:47.210root 11241100x80000000000000006953341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05456d5b13b0ac82022-01-05 10:00:47.210root 11241100x80000000000000006953342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e49065ab06565b2022-01-05 10:00:47.210root 11241100x80000000000000006953343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3561b37308f1296d2022-01-05 10:00:47.210root 11241100x80000000000000006953344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998af5a071cfd8c02022-01-05 10:00:47.210root 11241100x80000000000000006953345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9060ef0381cca72022-01-05 10:00:47.210root 11241100x80000000000000006953346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac015a9ed22d69d2022-01-05 10:00:47.210root 11241100x80000000000000006953347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b97328004d24b82022-01-05 10:00:47.210root 11241100x80000000000000006953348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eada77c328c9aa22022-01-05 10:00:47.210root 11241100x80000000000000006953349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c42f4642a6f7b022022-01-05 10:00:47.210root 11241100x80000000000000006953350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d89ef00d3ec9b72022-01-05 10:00:47.211root 11241100x80000000000000006953351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf796dbbf5233222022-01-05 10:00:47.211root 11241100x80000000000000006953352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db8191665cc66182022-01-05 10:00:47.211root 11241100x80000000000000006953353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c0d71d77bc9ada2022-01-05 10:00:47.211root 11241100x80000000000000006953354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d19852b7dee255b2022-01-05 10:00:47.211root 11241100x80000000000000006953355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fb8aaba83056292022-01-05 10:00:47.211root 11241100x80000000000000006953356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599c34fa40c525fb2022-01-05 10:00:47.211root 11241100x80000000000000006953357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bb2c5e3786bf272022-01-05 10:00:47.211root 11241100x80000000000000006953358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469ce8c6463ef7962022-01-05 10:00:47.710root 11241100x80000000000000006953359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3e7a99de69b8922022-01-05 10:00:47.710root 11241100x80000000000000006953360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf67b63d23af5d72022-01-05 10:00:47.710root 11241100x80000000000000006953361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e459c7a41b742f2022-01-05 10:00:47.710root 11241100x80000000000000006953362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa22215313bfdd9b2022-01-05 10:00:47.710root 11241100x80000000000000006953363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e7a1f778c6864f2022-01-05 10:00:47.710root 11241100x80000000000000006953364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a3a4c997af8f712022-01-05 10:00:47.710root 11241100x80000000000000006953365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2980459670ce397b2022-01-05 10:00:47.710root 11241100x80000000000000006953366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8936b726a5204d2022-01-05 10:00:47.710root 11241100x80000000000000006953367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f0a9b2e267c6402022-01-05 10:00:47.710root 11241100x80000000000000006953368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e507800c8f6d632022-01-05 10:00:47.710root 11241100x80000000000000006953369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd6c1dbbcfbfa0d2022-01-05 10:00:47.710root 11241100x80000000000000006953370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d5293d607131d02022-01-05 10:00:47.710root 11241100x80000000000000006953371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9af9ecaae6f5582022-01-05 10:00:47.711root 11241100x80000000000000006953372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af36713ef212fda2022-01-05 10:00:47.711root 11241100x80000000000000006953373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f36dc86b99e1072022-01-05 10:00:47.711root 11241100x80000000000000006953374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbb0466cce09dc42022-01-05 10:00:47.711root 11241100x80000000000000006953375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:47.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3caea36ebbd3b18d2022-01-05 10:00:47.711root 11241100x80000000000000006953376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6b437a8138075e2022-01-05 10:00:48.209root 11241100x80000000000000006953377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ac5dce3635bbc22022-01-05 10:00:48.209root 11241100x80000000000000006953378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7c2349d5a2492c2022-01-05 10:00:48.210root 11241100x80000000000000006953379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c36902c452b2d382022-01-05 10:00:48.210root 11241100x80000000000000006953380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c93b44234658aaf2022-01-05 10:00:48.210root 11241100x80000000000000006953381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bb03abf7be95be2022-01-05 10:00:48.210root 11241100x80000000000000006953382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34887280183f9de52022-01-05 10:00:48.210root 11241100x80000000000000006953383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29daa44dc4342e332022-01-05 10:00:48.210root 11241100x80000000000000006953384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1a40afed319d2d2022-01-05 10:00:48.210root 11241100x80000000000000006953385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1337b5f722e43582022-01-05 10:00:48.210root 11241100x80000000000000006953386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4760aea56ec16f12022-01-05 10:00:48.210root 11241100x80000000000000006953387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0f5680c55bca8f2022-01-05 10:00:48.211root 11241100x80000000000000006953388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5039c281165992b2022-01-05 10:00:48.211root 11241100x80000000000000006953389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9fea66132b475f2022-01-05 10:00:48.211root 11241100x80000000000000006953390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09d3d13bad87d422022-01-05 10:00:48.211root 11241100x80000000000000006953391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e29cebae3937a62022-01-05 10:00:48.211root 11241100x80000000000000006953392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9b47c9820e33152022-01-05 10:00:48.211root 11241100x80000000000000006953393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a02b4325f2793722022-01-05 10:00:48.211root 11241100x80000000000000006953394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9bbb373d39d4fd02022-01-05 10:00:48.709root 11241100x80000000000000006953395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5035fe924986a3c22022-01-05 10:00:48.709root 11241100x80000000000000006953396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ddf9fe096b506f2022-01-05 10:00:48.709root 11241100x80000000000000006953397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d06ec1fe3348022022-01-05 10:00:48.709root 11241100x80000000000000006953398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008c3e1e8e8cdbcc2022-01-05 10:00:48.709root 11241100x80000000000000006953399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766491ab398b16482022-01-05 10:00:48.709root 11241100x80000000000000006953400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07e738aa99bc8092022-01-05 10:00:48.709root 11241100x80000000000000006953401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99de85e0cdcc2c22022-01-05 10:00:48.710root 11241100x80000000000000006953402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2fb48a235b1aad2022-01-05 10:00:48.710root 11241100x80000000000000006953403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae4321f285882bf2022-01-05 10:00:48.710root 11241100x80000000000000006953404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59304bbb05be6d8e2022-01-05 10:00:48.710root 11241100x80000000000000006953405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c03eb535d3927d02022-01-05 10:00:48.710root 11241100x80000000000000006953406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cd9d184309fbcf2022-01-05 10:00:48.710root 11241100x80000000000000006953407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5945fd0cb1206022022-01-05 10:00:48.710root 11241100x80000000000000006953408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769dfe4bf799a4982022-01-05 10:00:48.710root 11241100x80000000000000006953409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc4de8429ba4c4e2022-01-05 10:00:48.710root 11241100x80000000000000006953410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9e1614bcdd1b462022-01-05 10:00:48.710root 11241100x80000000000000006953411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acf3dd16f17f2332022-01-05 10:00:48.710root 11241100x80000000000000006953412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803249f1d20c52dd2022-01-05 10:00:48.710root 11241100x80000000000000006953413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072ef068c70a84852022-01-05 10:00:48.710root 11241100x80000000000000006953414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697d934830d8b2232022-01-05 10:00:48.710root 11241100x80000000000000006953415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab32e4866aa31d992022-01-05 10:00:48.710root 11241100x80000000000000006953416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8edc52e80742bdc2022-01-05 10:00:48.710root 11241100x80000000000000006953417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254677f735e404bb2022-01-05 10:00:48.710root 11241100x80000000000000006953418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b4abe7ae008d3c2022-01-05 10:00:48.711root 11241100x80000000000000006953419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfbc451ef1bd0a92022-01-05 10:00:48.711root 11241100x80000000000000006953420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe78b64c2e701cbd2022-01-05 10:00:48.711root 11241100x80000000000000006953421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf9815564e36d2f2022-01-05 10:00:48.711root 11241100x80000000000000006953422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa4e6c12ab0c1d52022-01-05 10:00:48.711root 11241100x80000000000000006953423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e23c3709d708272022-01-05 10:00:48.711root 11241100x80000000000000006953424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49719603e7db6192022-01-05 10:00:48.711root 11241100x80000000000000006953425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a769c307e3a21e92022-01-05 10:00:48.711root 11241100x80000000000000006953426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970cad1e646c471b2022-01-05 10:00:48.711root 11241100x80000000000000006953427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98afb37d99fcbff62022-01-05 10:00:48.711root 11241100x80000000000000006953428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16b2b710bb61b5f2022-01-05 10:00:48.711root 11241100x80000000000000006953429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32165ef63fcf40992022-01-05 10:00:48.711root 11241100x80000000000000006953430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f241ada16ef4ba2022-01-05 10:00:48.711root 11241100x80000000000000006953431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad6e9ee5db8e03b2022-01-05 10:00:48.711root 11241100x80000000000000006953432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276970d55362c01b2022-01-05 10:00:48.712root 11241100x80000000000000006953433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a215a96033701912022-01-05 10:00:48.712root 11241100x80000000000000006953434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e439aa9d73b66712022-01-05 10:00:48.712root 11241100x80000000000000006953435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178f32a47c9c36432022-01-05 10:00:49.209root 11241100x80000000000000006953436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1527086536762eb92022-01-05 10:00:49.209root 11241100x80000000000000006953437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a665b9808fb3e932022-01-05 10:00:49.209root 11241100x80000000000000006953438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79701518c43e33e32022-01-05 10:00:49.209root 11241100x80000000000000006953439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590f923c845c9d892022-01-05 10:00:49.209root 11241100x80000000000000006953440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193e569c607a48402022-01-05 10:00:49.209root 11241100x80000000000000006953441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca385ed7ca2dc9262022-01-05 10:00:49.210root 11241100x80000000000000006953442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d518bc225e59adc2022-01-05 10:00:49.210root 11241100x80000000000000006953443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710c6a3c89cafa1b2022-01-05 10:00:49.210root 11241100x80000000000000006953444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef0a8ceb65f39002022-01-05 10:00:49.210root 11241100x80000000000000006953445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5e8041cf28ab402022-01-05 10:00:49.210root 11241100x80000000000000006953446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e703c6e5cff337992022-01-05 10:00:49.210root 11241100x80000000000000006953447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47b179cee91ffeb2022-01-05 10:00:49.210root 11241100x80000000000000006953448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f1859a50e5ea8c2022-01-05 10:00:49.210root 11241100x80000000000000006953449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fe017dead929ba2022-01-05 10:00:49.210root 11241100x80000000000000006953450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f47259c2c3b37d2022-01-05 10:00:49.210root 11241100x80000000000000006953451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25c26c09793296a2022-01-05 10:00:49.210root 11241100x80000000000000006953452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7ec6d8975b70412022-01-05 10:00:49.210root 11241100x80000000000000006953453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b62b6d9907f2d632022-01-05 10:00:49.210root 11241100x80000000000000006953454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc44fffbdc9255832022-01-05 10:00:49.210root 11241100x80000000000000006953455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72d2946eeee28192022-01-05 10:00:49.210root 11241100x80000000000000006953456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96736c269eebced12022-01-05 10:00:49.210root 11241100x80000000000000006953457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee7908397207fa72022-01-05 10:00:49.211root 11241100x80000000000000006953458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f2dc67e94b812f2022-01-05 10:00:49.211root 11241100x80000000000000006953459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88aec3936e0241b2022-01-05 10:00:49.211root 11241100x80000000000000006953460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448dab153fc0c4902022-01-05 10:00:49.211root 11241100x80000000000000006953461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d676c3f1e9d4b872022-01-05 10:00:49.211root 11241100x80000000000000006953462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4e8a18eaf03b2d2022-01-05 10:00:49.211root 11241100x80000000000000006953463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa08053aa70bc722022-01-05 10:00:49.211root 11241100x80000000000000006953464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d43f779be6b01b12022-01-05 10:00:49.212root 11241100x80000000000000006953465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2d13bea7bef91e2022-01-05 10:00:49.212root 11241100x80000000000000006953466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd1b96ce703a1842022-01-05 10:00:49.212root 11241100x80000000000000006953467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36bb5b3a4b8db4a02022-01-05 10:00:49.212root 11241100x80000000000000006953468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc864a32ea193762022-01-05 10:00:49.709root 11241100x80000000000000006953469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097798cc3481593a2022-01-05 10:00:49.709root 11241100x80000000000000006953470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a55be0789732dd2022-01-05 10:00:49.709root 11241100x80000000000000006953471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c2488bad196bb42022-01-05 10:00:49.709root 11241100x80000000000000006953472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12102ef71332188b2022-01-05 10:00:49.709root 11241100x80000000000000006953473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa81f7857cb78182022-01-05 10:00:49.710root 11241100x80000000000000006953474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568f11a6ffb507fe2022-01-05 10:00:49.710root 11241100x80000000000000006953475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb4ada7079633852022-01-05 10:00:49.710root 11241100x80000000000000006953476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9e6bb66190c74c2022-01-05 10:00:49.710root 11241100x80000000000000006953477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f80b7f1ffb3c70c2022-01-05 10:00:49.710root 11241100x80000000000000006953478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6fb09c679ee5912022-01-05 10:00:49.710root 11241100x80000000000000006953479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.febe5ac801f44c662022-01-05 10:00:49.710root 11241100x80000000000000006953480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec020230e961b3e2022-01-05 10:00:49.710root 11241100x80000000000000006953481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d11117bbee1ce12022-01-05 10:00:49.710root 11241100x80000000000000006953482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a312b7879dfdd12e2022-01-05 10:00:49.710root 11241100x80000000000000006953483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcc04995eba95f22022-01-05 10:00:49.710root 11241100x80000000000000006953484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706c8c7897e1beac2022-01-05 10:00:49.710root 11241100x80000000000000006953485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb76b3abc7cab5032022-01-05 10:00:49.711root 354300x80000000000000006953486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.037{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41670-false10.0.1.12-8000- 11241100x80000000000000006953487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.038{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e743ce18ab1daf2022-01-05 10:00:50.038root 11241100x80000000000000006953488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.038{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c854772a1842cb2022-01-05 10:00:50.038root 11241100x80000000000000006953489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.038{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03af58f307cdcad82022-01-05 10:00:50.038root 11241100x80000000000000006953490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.038{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42681b8cf5140a242022-01-05 10:00:50.038root 11241100x80000000000000006953491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.038{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab346e237c10278f2022-01-05 10:00:50.038root 11241100x80000000000000006953492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.038{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfa72b7cd9bc5fe2022-01-05 10:00:50.038root 11241100x80000000000000006953493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.038{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe4a6c56ead19602022-01-05 10:00:50.038root 11241100x80000000000000006953494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.038{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008b3eafee61c4b32022-01-05 10:00:50.038root 11241100x80000000000000006953495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.038{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1429ab045597aa0a2022-01-05 10:00:50.038root 11241100x80000000000000006953496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.039{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9947ed7505d8b22022-01-05 10:00:50.039root 11241100x80000000000000006953497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.039{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1596ed3324882fcb2022-01-05 10:00:50.039root 11241100x80000000000000006953498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.039{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d8451eae27881e2022-01-05 10:00:50.039root 11241100x80000000000000006953499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.039{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891369ec1857e4b92022-01-05 10:00:50.039root 11241100x80000000000000006953500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.039{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2ac905cc319df22022-01-05 10:00:50.039root 11241100x80000000000000006953501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.039{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82cd12fda5c40c72022-01-05 10:00:50.039root 11241100x80000000000000006953502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.039{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b47333a6a71ceba2022-01-05 10:00:50.039root 11241100x80000000000000006953503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.039{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055b1b23644b71722022-01-05 10:00:50.039root 11241100x80000000000000006953504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.039{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838e1ba2004d7fbc2022-01-05 10:00:50.039root 11241100x80000000000000006953505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.040{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780e8958ff2885592022-01-05 10:00:50.040root 11241100x80000000000000006953506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.040{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd06491322e065fc2022-01-05 10:00:50.040root 11241100x80000000000000006953507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.041{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d97af67e5d152e2022-01-05 10:00:50.041root 11241100x80000000000000006953508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.041{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd75f8d24376853a2022-01-05 10:00:50.041root 11241100x80000000000000006953509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.042{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a08400eb2e5302d2022-01-05 10:00:50.042root 11241100x80000000000000006953510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6389e4f0f4c19882022-01-05 10:00:50.459root 11241100x80000000000000006953511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d653a382f32ab30d2022-01-05 10:00:50.459root 11241100x80000000000000006953512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47adc7161c29008f2022-01-05 10:00:50.459root 11241100x80000000000000006953513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1dd4450b021aea82022-01-05 10:00:50.460root 11241100x80000000000000006953514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262aaadc8a0cbc742022-01-05 10:00:50.460root 11241100x80000000000000006953515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c31f0db5bac19492022-01-05 10:00:50.460root 11241100x80000000000000006953516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad9c91a7c7f16762022-01-05 10:00:50.460root 11241100x80000000000000006953517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8adeecec72e5962022-01-05 10:00:50.460root 11241100x80000000000000006953518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430113ad570b3be52022-01-05 10:00:50.460root 11241100x80000000000000006953519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141c9c429507bc112022-01-05 10:00:50.460root 11241100x80000000000000006953520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eba8f969ddfecd12022-01-05 10:00:50.460root 11241100x80000000000000006953521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949c17994d2aad0e2022-01-05 10:00:50.460root 11241100x80000000000000006953522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e3ce8ae7635dfd2022-01-05 10:00:50.460root 11241100x80000000000000006953523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680b07ec23b1f2842022-01-05 10:00:50.460root 11241100x80000000000000006953524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00515a04e9738b0f2022-01-05 10:00:50.460root 11241100x80000000000000006953525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6665da94944e702022-01-05 10:00:50.460root 11241100x80000000000000006953526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ee7d7b08c336222022-01-05 10:00:50.460root 11241100x80000000000000006953527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae82d268b41544282022-01-05 10:00:50.460root 11241100x80000000000000006953528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19afe33c715ab842022-01-05 10:00:50.460root 11241100x80000000000000006953529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b9edd3804021682022-01-05 10:00:50.960root 11241100x80000000000000006953530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a82f5b2368ebbf2022-01-05 10:00:50.960root 11241100x80000000000000006953531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97ffcb99d1dd45f2022-01-05 10:00:50.960root 11241100x80000000000000006953532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4dce04c934b38262022-01-05 10:00:50.960root 11241100x80000000000000006953533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b04cb2161ead1a72022-01-05 10:00:50.960root 11241100x80000000000000006953534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f9fb10c8c722052022-01-05 10:00:50.961root 11241100x80000000000000006953535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e855911cc25b1e002022-01-05 10:00:50.961root 11241100x80000000000000006953536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b01ccc7b89966042022-01-05 10:00:50.961root 11241100x80000000000000006953537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5035188205ef6c002022-01-05 10:00:50.961root 11241100x80000000000000006953538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d9589e15fb686c2022-01-05 10:00:50.961root 11241100x80000000000000006953539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499b2ebedb7a9e9a2022-01-05 10:00:50.961root 11241100x80000000000000006953540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd371bee073d93692022-01-05 10:00:50.961root 11241100x80000000000000006953541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5133390cd8a3cb92022-01-05 10:00:50.961root 11241100x80000000000000006953542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b87ca36936563b2022-01-05 10:00:50.961root 11241100x80000000000000006953543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f7a8d92406a1352022-01-05 10:00:50.961root 11241100x80000000000000006953544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82690d52767000db2022-01-05 10:00:50.961root 11241100x80000000000000006953545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab0de19375ceca02022-01-05 10:00:50.961root 11241100x80000000000000006953546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a6daff9453ce7a2022-01-05 10:00:50.961root 11241100x80000000000000006953547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:50.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20aac30d93c98e4d2022-01-05 10:00:50.962root 11241100x80000000000000006953548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752663db4f14f0ec2022-01-05 10:00:51.460root 11241100x80000000000000006953549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5723763a04ba192022-01-05 10:00:51.460root 11241100x80000000000000006953550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98cba222e88cb472022-01-05 10:00:51.460root 11241100x80000000000000006953551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fac85aa07a754652022-01-05 10:00:51.460root 11241100x80000000000000006953552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96babeeaeef24652022-01-05 10:00:51.460root 11241100x80000000000000006953553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf05e13b78f47072022-01-05 10:00:51.460root 11241100x80000000000000006953554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e892e99a2610b02022-01-05 10:00:51.460root 11241100x80000000000000006953555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b09cebc22c79102022-01-05 10:00:51.460root 11241100x80000000000000006953556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f907f1d3e1b1e2a2022-01-05 10:00:51.460root 11241100x80000000000000006953557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0b2e0606c1a5e12022-01-05 10:00:51.460root 11241100x80000000000000006953558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc11a6209f8c6bfa2022-01-05 10:00:51.460root 11241100x80000000000000006953559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8247851b1ce5c8082022-01-05 10:00:51.461root 11241100x80000000000000006953560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddda8c44fd514222022-01-05 10:00:51.461root 11241100x80000000000000006953561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633d8262028a34ec2022-01-05 10:00:51.461root 11241100x80000000000000006953562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c6f6febc21d88b2022-01-05 10:00:51.461root 11241100x80000000000000006953563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2233b07596b20132022-01-05 10:00:51.461root 11241100x80000000000000006953564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e84c918f719f7632022-01-05 10:00:51.461root 11241100x80000000000000006953565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cb72505391c44e2022-01-05 10:00:51.461root 11241100x80000000000000006953566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b91b95fbba0eed22022-01-05 10:00:51.461root 11241100x80000000000000006953567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f0ca1377b75b002022-01-05 10:00:51.960root 11241100x80000000000000006953568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da14ed08c5a9f2d22022-01-05 10:00:51.960root 11241100x80000000000000006953569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a126705982f68ac02022-01-05 10:00:51.960root 11241100x80000000000000006953570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26615ccd6212421b2022-01-05 10:00:51.960root 11241100x80000000000000006953571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270d36731a64896d2022-01-05 10:00:51.960root 11241100x80000000000000006953572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df5705c79fae66f2022-01-05 10:00:51.960root 11241100x80000000000000006953573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e796b65ec26d0d062022-01-05 10:00:51.960root 11241100x80000000000000006953574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8afc2521d521ee2022-01-05 10:00:51.960root 11241100x80000000000000006953575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbfef1d748eac002022-01-05 10:00:51.960root 11241100x80000000000000006953576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5d5c1c8164e76c2022-01-05 10:00:51.961root 11241100x80000000000000006953577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396c71aad11e359b2022-01-05 10:00:51.961root 11241100x80000000000000006953578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c2c53e3de156f52022-01-05 10:00:51.961root 11241100x80000000000000006953579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0f4c1005c04c152022-01-05 10:00:51.961root 11241100x80000000000000006953580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc299797ba53ab2d2022-01-05 10:00:51.961root 11241100x80000000000000006953581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e673e7458fcd70292022-01-05 10:00:51.961root 11241100x80000000000000006953582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1a08d7b0c627562022-01-05 10:00:51.961root 11241100x80000000000000006953583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b81d1fb71f18fe2022-01-05 10:00:51.961root 11241100x80000000000000006953584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e82830bf4727a912022-01-05 10:00:51.961root 11241100x80000000000000006953585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:51.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aadb958e10706d32022-01-05 10:00:51.961root 11241100x80000000000000006953586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bd513c4d16d2e72022-01-05 10:00:52.460root 11241100x80000000000000006953587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbaf853426f3ecc2022-01-05 10:00:52.460root 11241100x80000000000000006953588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04377cce2cbd7d672022-01-05 10:00:52.461root 11241100x80000000000000006953589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218140fd721bceda2022-01-05 10:00:52.461root 11241100x80000000000000006953590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9d99c387fab9f72022-01-05 10:00:52.461root 11241100x80000000000000006953591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53386119a054ec92022-01-05 10:00:52.461root 11241100x80000000000000006953592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a03b4174532f40f2022-01-05 10:00:52.461root 11241100x80000000000000006953593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bbda8f927666b72022-01-05 10:00:52.461root 11241100x80000000000000006953594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdd91d491756f2d2022-01-05 10:00:52.461root 11241100x80000000000000006953595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9655e5183264f19e2022-01-05 10:00:52.461root 11241100x80000000000000006953596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881ae7a009e99bee2022-01-05 10:00:52.461root 11241100x80000000000000006953597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a040af2c6167c72022-01-05 10:00:52.461root 11241100x80000000000000006953598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebaaf9deedf50b522022-01-05 10:00:52.462root 11241100x80000000000000006953599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e54f4bfc08f2072022-01-05 10:00:52.462root 11241100x80000000000000006953600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6d149c82b7977c2022-01-05 10:00:52.462root 11241100x80000000000000006953601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8f59381be8765f2022-01-05 10:00:52.462root 11241100x80000000000000006953602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6334d5f89bd246c2022-01-05 10:00:52.463root 11241100x80000000000000006953603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494c3f1303e7df682022-01-05 10:00:52.463root 11241100x80000000000000006953604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50996011fd1c78aa2022-01-05 10:00:52.463root 11241100x80000000000000006953605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba27ec249c7af3a2022-01-05 10:00:52.960root 11241100x80000000000000006953606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d31c0f8fd001302022-01-05 10:00:52.960root 11241100x80000000000000006953607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4165185c9e8121702022-01-05 10:00:52.960root 11241100x80000000000000006953608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b304b8f9904e5d2022-01-05 10:00:52.960root 11241100x80000000000000006953609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dad6edbb92342162022-01-05 10:00:52.960root 11241100x80000000000000006953610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c724753a41ece92022-01-05 10:00:52.960root 11241100x80000000000000006953611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8734fb1b2749a9cb2022-01-05 10:00:52.960root 11241100x80000000000000006953612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b13093206b916b32022-01-05 10:00:52.961root 11241100x80000000000000006953613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acceaa9cbc4d906e2022-01-05 10:00:52.961root 11241100x80000000000000006953614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2e5f31dc43c8af2022-01-05 10:00:52.961root 11241100x80000000000000006953615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf1b3d5c26b43562022-01-05 10:00:52.961root 11241100x80000000000000006953616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195e4e1ebea86e9d2022-01-05 10:00:52.961root 11241100x80000000000000006953617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c551e6e097da10462022-01-05 10:00:52.961root 11241100x80000000000000006953618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ce13ba220c55b62022-01-05 10:00:52.961root 11241100x80000000000000006953619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57fcc0a3f758f572022-01-05 10:00:52.962root 11241100x80000000000000006953620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9bc181050739712022-01-05 10:00:52.962root 11241100x80000000000000006953621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979dc52ada9f30452022-01-05 10:00:52.962root 11241100x80000000000000006953622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d038d343f41cf4932022-01-05 10:00:52.962root 11241100x80000000000000006953623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:52.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a1c326cdfe897d2022-01-05 10:00:52.962root 11241100x80000000000000006953624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2639506b3dcc6b52022-01-05 10:00:53.459root 11241100x80000000000000006953625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b77ab364d455c4e2022-01-05 10:00:53.459root 11241100x80000000000000006953626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375b9ea7ed3f4ddc2022-01-05 10:00:53.459root 11241100x80000000000000006953627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73223b71ec727232022-01-05 10:00:53.459root 11241100x80000000000000006953628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b1d843db9954112022-01-05 10:00:53.460root 11241100x80000000000000006953629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9556fa26f56110202022-01-05 10:00:53.460root 11241100x80000000000000006953630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f7772d0a42c3102022-01-05 10:00:53.460root 11241100x80000000000000006953631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4317a96976b1f52022-01-05 10:00:53.460root 11241100x80000000000000006953632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de65f05ee838d412022-01-05 10:00:53.460root 11241100x80000000000000006953633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e92bfc408accf82022-01-05 10:00:53.460root 11241100x80000000000000006953634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2338df684db92e742022-01-05 10:00:53.460root 11241100x80000000000000006953635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b8acff4349d1642022-01-05 10:00:53.460root 11241100x80000000000000006953636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d532316c9edc70602022-01-05 10:00:53.460root 11241100x80000000000000006953637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedb79e12e1eed652022-01-05 10:00:53.460root 11241100x80000000000000006953638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d895d490c25b622022-01-05 10:00:53.460root 11241100x80000000000000006953639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9ca9f9013b017d2022-01-05 10:00:53.460root 11241100x80000000000000006953640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb73e2c28a268882022-01-05 10:00:53.460root 11241100x80000000000000006953641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a3111b72e806a92022-01-05 10:00:53.460root 11241100x80000000000000006953642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938446d2efe305e72022-01-05 10:00:53.460root 11241100x80000000000000006953643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd2a982d58b620f2022-01-05 10:00:53.460root 11241100x80000000000000006953644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba1089ec39762b62022-01-05 10:00:53.461root 11241100x80000000000000006953645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89f0e7b749158dd2022-01-05 10:00:53.461root 11241100x80000000000000006953646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91a3c106c6409c92022-01-05 10:00:53.461root 11241100x80000000000000006953647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d10581eccbb6822022-01-05 10:00:53.461root 11241100x80000000000000006953648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d0baef81a948c02022-01-05 10:00:53.461root 11241100x80000000000000006953649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab33327ccec2b452022-01-05 10:00:53.461root 11241100x80000000000000006953650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1424f714b91a2eb72022-01-05 10:00:53.461root 11241100x80000000000000006953651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa269cc4f4496142022-01-05 10:00:53.461root 11241100x80000000000000006953652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdeb0e9381325412022-01-05 10:00:53.461root 11241100x80000000000000006953653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8480163d714324cd2022-01-05 10:00:53.461root 11241100x80000000000000006953654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f077d4a586633c2022-01-05 10:00:53.461root 11241100x80000000000000006953655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96910f1df3740cd2022-01-05 10:00:53.960root 11241100x80000000000000006953656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f038369b34f89672022-01-05 10:00:53.960root 11241100x80000000000000006953657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcf9c0aa417a3082022-01-05 10:00:53.960root 11241100x80000000000000006953658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92dffb25e0819f52022-01-05 10:00:53.960root 11241100x80000000000000006953659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f0e7a1f9e3e5ea2022-01-05 10:00:53.960root 11241100x80000000000000006953660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8d46b7bff528b32022-01-05 10:00:53.960root 11241100x80000000000000006953661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8957846013c4f5a42022-01-05 10:00:53.960root 11241100x80000000000000006953662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb19e7284345c0c2022-01-05 10:00:53.960root 11241100x80000000000000006953663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276b17988608f58b2022-01-05 10:00:53.960root 11241100x80000000000000006953664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9b70093114a2462022-01-05 10:00:53.961root 11241100x80000000000000006953665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80322e04c7b604d2022-01-05 10:00:53.961root 11241100x80000000000000006953666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3047c4838f9e6cc32022-01-05 10:00:53.961root 11241100x80000000000000006953667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3037ca9e25978f9e2022-01-05 10:00:53.961root 11241100x80000000000000006953668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f524e9deb339762022-01-05 10:00:53.961root 11241100x80000000000000006953669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a84051fb9e958252022-01-05 10:00:53.961root 11241100x80000000000000006953670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c960d2e307ebd3aa2022-01-05 10:00:53.961root 11241100x80000000000000006953671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4d96ffe0254a332022-01-05 10:00:53.961root 11241100x80000000000000006953672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ba8be313f509ca2022-01-05 10:00:53.961root 11241100x80000000000000006953673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:53.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06a3d0f2b5d98f12022-01-05 10:00:53.961root 11241100x80000000000000006953674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a6474c67a134892022-01-05 10:00:54.459root 11241100x80000000000000006953675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4e70ebed8677fd2022-01-05 10:00:54.459root 11241100x80000000000000006953676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f607d816efe4a572022-01-05 10:00:54.459root 11241100x80000000000000006953677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e881e5e10aa0ad2022-01-05 10:00:54.459root 11241100x80000000000000006953678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd90c2f471d8ca82022-01-05 10:00:54.459root 11241100x80000000000000006953679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6c8967a68c56912022-01-05 10:00:54.460root 11241100x80000000000000006953680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477fcbcf76b582552022-01-05 10:00:54.460root 11241100x80000000000000006953681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c77eabd0c8003c2022-01-05 10:00:54.460root 11241100x80000000000000006953682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c372bb00b5ae4d3d2022-01-05 10:00:54.460root 11241100x80000000000000006953683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fd6553f7cb9f282022-01-05 10:00:54.460root 11241100x80000000000000006953684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b116320f9d35a28a2022-01-05 10:00:54.460root 11241100x80000000000000006953685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c667a0271839082022-01-05 10:00:54.460root 11241100x80000000000000006953686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf69fbf308b15b42022-01-05 10:00:54.460root 11241100x80000000000000006953687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cb27c8e70fbd242022-01-05 10:00:54.460root 11241100x80000000000000006953688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d495d09b442f78b2022-01-05 10:00:54.461root 11241100x80000000000000006953689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7ecfe4425d6aa92022-01-05 10:00:54.461root 11241100x80000000000000006953690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc34cd775da3e342022-01-05 10:00:54.461root 11241100x80000000000000006953691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015a5835496ad0c02022-01-05 10:00:54.461root 11241100x80000000000000006953692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575a3930625b34462022-01-05 10:00:54.461root 11241100x80000000000000006953693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2baa28d9776fda5e2022-01-05 10:00:54.461root 11241100x80000000000000006953694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb27d728b5ec6992022-01-05 10:00:54.960root 11241100x80000000000000006953695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644a1269d845bfcf2022-01-05 10:00:54.960root 11241100x80000000000000006953696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84503704b1d846232022-01-05 10:00:54.960root 11241100x80000000000000006953697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994285598d5bb8e62022-01-05 10:00:54.960root 11241100x80000000000000006953698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86c7b2e868a85462022-01-05 10:00:54.960root 11241100x80000000000000006953699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae05547491fe03982022-01-05 10:00:54.960root 11241100x80000000000000006953700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0023adc306b26af02022-01-05 10:00:54.960root 11241100x80000000000000006953701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1211521f75b313a2022-01-05 10:00:54.960root 11241100x80000000000000006953702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dc9988d74eaece2022-01-05 10:00:54.961root 11241100x80000000000000006953703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7deb56d52922f7f42022-01-05 10:00:54.961root 11241100x80000000000000006953704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f35387ae3b14ff2022-01-05 10:00:54.961root 11241100x80000000000000006953705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a10f4140b306b492022-01-05 10:00:54.961root 11241100x80000000000000006953706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340530925d5424312022-01-05 10:00:54.961root 11241100x80000000000000006953707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b9bf2a36433e9f2022-01-05 10:00:54.961root 11241100x80000000000000006953708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cbe43adf4e30f92022-01-05 10:00:54.961root 11241100x80000000000000006953709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50ba15dc809b0282022-01-05 10:00:54.961root 11241100x80000000000000006953710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6507bb383654c0942022-01-05 10:00:54.961root 11241100x80000000000000006953711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dfad69450310042022-01-05 10:00:54.961root 11241100x80000000000000006953712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:54.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afb9b4d545631ed2022-01-05 10:00:54.962root 354300x80000000000000006953713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.220{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41672-false10.0.1.12-8000- 11241100x80000000000000006953714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea886281e6bbab32022-01-05 10:00:55.220root 11241100x80000000000000006953715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a008ef6da2a11b2022-01-05 10:00:55.220root 11241100x80000000000000006953716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e18da734d17e6e2022-01-05 10:00:55.220root 11241100x80000000000000006953717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76775b5b175ad0342022-01-05 10:00:55.221root 11241100x80000000000000006953718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6c8e97d7107c2d2022-01-05 10:00:55.221root 11241100x80000000000000006953719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ebd596a688c56812022-01-05 10:00:55.221root 11241100x80000000000000006953720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1a6f9932acbdb42022-01-05 10:00:55.221root 11241100x80000000000000006953721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da291a493bfd2ec92022-01-05 10:00:55.221root 11241100x80000000000000006953722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef082749daaef33e2022-01-05 10:00:55.221root 11241100x80000000000000006953723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c1ff319121e4ff2022-01-05 10:00:55.221root 11241100x80000000000000006953724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfea7aa90aaf2db2022-01-05 10:00:55.221root 11241100x80000000000000006953725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea32352a9335a6902022-01-05 10:00:55.221root 11241100x80000000000000006953726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61689a6f867fcb632022-01-05 10:00:55.221root 11241100x80000000000000006953727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c744654fea90a6262022-01-05 10:00:55.221root 11241100x80000000000000006953728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391129dbd4095daa2022-01-05 10:00:55.221root 11241100x80000000000000006953729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd516902a5985642022-01-05 10:00:55.221root 11241100x80000000000000006953730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5618c4112eda524f2022-01-05 10:00:55.221root 11241100x80000000000000006953731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207c55e7a0b640c02022-01-05 10:00:55.221root 11241100x80000000000000006953732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb37412f43ae0f62022-01-05 10:00:55.222root 11241100x80000000000000006953733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31829c58af8f520d2022-01-05 10:00:55.222root 11241100x80000000000000006953734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c571f37db618b9672022-01-05 10:00:55.222root 11241100x80000000000000006953735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4025808b1da950a2022-01-05 10:00:55.222root 11241100x80000000000000006953736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072b84bb422029432022-01-05 10:00:55.709root 11241100x80000000000000006953737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4e08a284385c8b2022-01-05 10:00:55.709root 11241100x80000000000000006953738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db8416f004112a32022-01-05 10:00:55.710root 11241100x80000000000000006953739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7c34d07ccf7b282022-01-05 10:00:55.710root 11241100x80000000000000006953740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3c5fa2165028192022-01-05 10:00:55.710root 11241100x80000000000000006953741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4509f802bf4219822022-01-05 10:00:55.710root 11241100x80000000000000006953742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a975d41e6aef0d912022-01-05 10:00:55.710root 11241100x80000000000000006953743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f7b9337aa980c92022-01-05 10:00:55.711root 11241100x80000000000000006953744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f038df4f46524b2022-01-05 10:00:55.711root 11241100x80000000000000006953745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31bcca93bef66562022-01-05 10:00:55.711root 11241100x80000000000000006953746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde12a1bf7fba4102022-01-05 10:00:55.711root 11241100x80000000000000006953747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fdefec5d7421c52022-01-05 10:00:55.711root 11241100x80000000000000006953748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19790871bad46cb2022-01-05 10:00:55.712root 11241100x80000000000000006953749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61253bce4886d95e2022-01-05 10:00:55.712root 11241100x80000000000000006953750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a360c9c29ae01142022-01-05 10:00:55.712root 11241100x80000000000000006953751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aefc636506baf362022-01-05 10:00:55.712root 11241100x80000000000000006953752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faac3759ec38eadf2022-01-05 10:00:55.713root 11241100x80000000000000006953753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ddf26769c709702022-01-05 10:00:55.713root 11241100x80000000000000006953754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247766d70fba7a592022-01-05 10:00:55.713root 11241100x80000000000000006953755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:55.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d676e1875368b6b52022-01-05 10:00:55.713root 11241100x80000000000000006953756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43ec8d4588523292022-01-05 10:00:56.210root 11241100x80000000000000006953757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32cb40c717df25c2022-01-05 10:00:56.210root 11241100x80000000000000006953758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d88f290cbc3db22022-01-05 10:00:56.210root 11241100x80000000000000006953759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce5b38ffe165e302022-01-05 10:00:56.210root 11241100x80000000000000006953760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d285a69e0d48fe2022-01-05 10:00:56.210root 11241100x80000000000000006953761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def12dbebb108aab2022-01-05 10:00:56.210root 11241100x80000000000000006953762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f4829c78cc240b2022-01-05 10:00:56.210root 11241100x80000000000000006953763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a26097cd9577cec2022-01-05 10:00:56.210root 11241100x80000000000000006953764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb43f92b5e3648c92022-01-05 10:00:56.210root 11241100x80000000000000006953765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666dee524423df322022-01-05 10:00:56.210root 11241100x80000000000000006953766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1e7631bd5e80c12022-01-05 10:00:56.210root 11241100x80000000000000006953767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15568b647bdddbc2022-01-05 10:00:56.211root 11241100x80000000000000006953768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687c8cb193d0ab9f2022-01-05 10:00:56.211root 11241100x80000000000000006953769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ceeae59f53d57bb2022-01-05 10:00:56.211root 11241100x80000000000000006953770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b23d777466cc9132022-01-05 10:00:56.211root 11241100x80000000000000006953771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81da6248b27cafe82022-01-05 10:00:56.212root 11241100x80000000000000006953772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304fbcfbd8cc82822022-01-05 10:00:56.212root 11241100x80000000000000006953773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916d3ebd563a87bc2022-01-05 10:00:56.212root 11241100x80000000000000006953774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9624a55f3d394c7b2022-01-05 10:00:56.212root 11241100x80000000000000006953775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1faa7cbed7882a372022-01-05 10:00:56.212root 11241100x80000000000000006953776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48457392c28aca442022-01-05 10:00:56.710root 11241100x80000000000000006953777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760ae102a21b61162022-01-05 10:00:56.710root 11241100x80000000000000006953778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45f260f4575ba732022-01-05 10:00:56.710root 11241100x80000000000000006953779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db594d3cbabe0e22022-01-05 10:00:56.710root 11241100x80000000000000006953780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6956f760d13f71b22022-01-05 10:00:56.710root 11241100x80000000000000006953781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a2aa79a08128dd2022-01-05 10:00:56.710root 11241100x80000000000000006953782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f703721dcf11bb2022-01-05 10:00:56.710root 11241100x80000000000000006953783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3af25d2b1f7ad92022-01-05 10:00:56.710root 11241100x80000000000000006953784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9679ee181b135c172022-01-05 10:00:56.711root 11241100x80000000000000006953785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af44ef0cb000720f2022-01-05 10:00:56.711root 11241100x80000000000000006953786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c21d716a9166b12022-01-05 10:00:56.711root 11241100x80000000000000006953787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79500391c6df55d82022-01-05 10:00:56.711root 11241100x80000000000000006953788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109a604eb0e3d7832022-01-05 10:00:56.711root 11241100x80000000000000006953789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d6412daf6134792022-01-05 10:00:56.711root 11241100x80000000000000006953790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f531195bedadb82022-01-05 10:00:56.711root 11241100x80000000000000006953791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da72ea1c6365f0882022-01-05 10:00:56.711root 11241100x80000000000000006953792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a110d72454c0fa42022-01-05 10:00:56.711root 11241100x80000000000000006953793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7c8aae6b0508b02022-01-05 10:00:56.712root 11241100x80000000000000006953794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41a2dcafe54b1b32022-01-05 10:00:56.712root 11241100x80000000000000006953795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:56.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb640d2e557748e52022-01-05 10:00:56.712root 11241100x80000000000000006953796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f365935cf88e0c2022-01-05 10:00:57.209root 11241100x80000000000000006953797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a865e596d4bd0fa2022-01-05 10:00:57.209root 11241100x80000000000000006953798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06e3a204ba91d772022-01-05 10:00:57.209root 11241100x80000000000000006953799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e62bdbe0f3a6d42022-01-05 10:00:57.209root 11241100x80000000000000006953800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7645ededa1b1b1b52022-01-05 10:00:57.209root 11241100x80000000000000006953801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2096862ccc4b26252022-01-05 10:00:57.209root 11241100x80000000000000006953802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1b8b043ce9c8522022-01-05 10:00:57.210root 11241100x80000000000000006953803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd86647a4aa099b2022-01-05 10:00:57.210root 11241100x80000000000000006953804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058b65c0e57e035c2022-01-05 10:00:57.210root 11241100x80000000000000006953805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971238144c2d10f22022-01-05 10:00:57.210root 11241100x80000000000000006953806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06eacaeca75c49f32022-01-05 10:00:57.210root 11241100x80000000000000006953807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a18061399ab3be2022-01-05 10:00:57.210root 11241100x80000000000000006953808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430b119c4eda44352022-01-05 10:00:57.210root 11241100x80000000000000006953809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f597d9f52bccf92022-01-05 10:00:57.210root 11241100x80000000000000006953810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660e5fbc07aac7a82022-01-05 10:00:57.210root 11241100x80000000000000006953811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ed19a44ea2295d2022-01-05 10:00:57.210root 11241100x80000000000000006953812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f901c8a89153a52022-01-05 10:00:57.210root 11241100x80000000000000006953813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f3cb6e95b6a6442022-01-05 10:00:57.210root 11241100x80000000000000006953814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d0221da7bf1b2a2022-01-05 10:00:57.211root 11241100x80000000000000006953815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2bcfae8379e8eb2022-01-05 10:00:57.211root 11241100x80000000000000006953816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f44d0e2ed87daa2022-01-05 10:00:57.211root 11241100x80000000000000006953817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2aaf4c8c23e21032022-01-05 10:00:57.211root 11241100x80000000000000006953818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66aa9ed59a101e942022-01-05 10:00:57.211root 11241100x80000000000000006953819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4cb81d396ae29e2022-01-05 10:00:57.211root 11241100x80000000000000006953820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c18e1e552e0d2192022-01-05 10:00:57.211root 11241100x80000000000000006953821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c444dcd579369ac42022-01-05 10:00:57.211root 11241100x80000000000000006953822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291eeb748191ee092022-01-05 10:00:57.211root 11241100x80000000000000006953823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f1cac6136d20712022-01-05 10:00:57.211root 11241100x80000000000000006953824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137931075358b6aa2022-01-05 10:00:57.211root 11241100x80000000000000006953825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7758188dd1970eb72022-01-05 10:00:57.211root 11241100x80000000000000006953826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddfe28b72a9426f2022-01-05 10:00:57.212root 11241100x80000000000000006953827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e068842e3e37472022-01-05 10:00:57.212root 11241100x80000000000000006953828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92751eded660b9e92022-01-05 10:00:57.212root 11241100x80000000000000006953829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b6b02f5c32c7c62022-01-05 10:00:57.710root 11241100x80000000000000006953830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a685f47c01dee6662022-01-05 10:00:57.710root 11241100x80000000000000006953831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca7551a7e31a1d62022-01-05 10:00:57.710root 11241100x80000000000000006953832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b01d2eaeaf4d292022-01-05 10:00:57.710root 11241100x80000000000000006953833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b3228751bb8d262022-01-05 10:00:57.710root 11241100x80000000000000006953834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b82d71ea27dbc222022-01-05 10:00:57.710root 11241100x80000000000000006953835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071247363c20b7332022-01-05 10:00:57.710root 11241100x80000000000000006953836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86512dad854102432022-01-05 10:00:57.710root 11241100x80000000000000006953837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488361588154fb9c2022-01-05 10:00:57.711root 11241100x80000000000000006953838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec84ba895ed3c1732022-01-05 10:00:57.711root 11241100x80000000000000006953839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203653427f31a4532022-01-05 10:00:57.711root 11241100x80000000000000006953840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d63a99ea4762f92022-01-05 10:00:57.711root 11241100x80000000000000006953841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ca905c80a96a862022-01-05 10:00:57.711root 11241100x80000000000000006953842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd03276c7f6c4a22022-01-05 10:00:57.711root 11241100x80000000000000006953843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709a6446eb2b184a2022-01-05 10:00:57.711root 11241100x80000000000000006953844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800a86c14198e8ba2022-01-05 10:00:57.712root 11241100x80000000000000006953845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09015139b05595342022-01-05 10:00:57.712root 11241100x80000000000000006953846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408dc3bf13360ca62022-01-05 10:00:57.712root 11241100x80000000000000006953847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23410569ae81423a2022-01-05 10:00:57.712root 11241100x80000000000000006953848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:57.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abc2d8cbaec72b92022-01-05 10:00:57.712root 11241100x80000000000000006953849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9dc0cb9ed41bb22022-01-05 10:00:58.209root 11241100x80000000000000006953850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6399ffb9346ac0e2022-01-05 10:00:58.209root 11241100x80000000000000006953851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a75867fac29822d2022-01-05 10:00:58.209root 11241100x80000000000000006953852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4ade709d90f9da2022-01-05 10:00:58.209root 11241100x80000000000000006953853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29bcf2e7146ebac2022-01-05 10:00:58.210root 11241100x80000000000000006953854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bbb21a0ef421dd2022-01-05 10:00:58.210root 11241100x80000000000000006953855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8e3ae16cda43072022-01-05 10:00:58.210root 11241100x80000000000000006953856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eaa100aef4aaa242022-01-05 10:00:58.210root 11241100x80000000000000006953857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfb824c4c18837c2022-01-05 10:00:58.210root 11241100x80000000000000006953858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57571f1b643cf4a42022-01-05 10:00:58.210root 11241100x80000000000000006953859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0240dce6ff2d055d2022-01-05 10:00:58.210root 11241100x80000000000000006953860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9edd7bf8eff108ca2022-01-05 10:00:58.210root 11241100x80000000000000006953861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d53b3e3647b9fb2022-01-05 10:00:58.210root 11241100x80000000000000006953862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdbedd28e586fa42022-01-05 10:00:58.210root 11241100x80000000000000006953863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c6de96f987919f2022-01-05 10:00:58.210root 11241100x80000000000000006953864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13e160520acf66c2022-01-05 10:00:58.210root 11241100x80000000000000006953865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cde253246afe462022-01-05 10:00:58.210root 11241100x80000000000000006953866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f20a995d3547692022-01-05 10:00:58.210root 11241100x80000000000000006953867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ae09f3fbd8c4e62022-01-05 10:00:58.211root 11241100x80000000000000006953868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e9226fd431d1472022-01-05 10:00:58.211root 11241100x80000000000000006953869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e18ae9142ae6742022-01-05 10:00:58.709root 11241100x80000000000000006953870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7beefedf8baaa92022-01-05 10:00:58.709root 11241100x80000000000000006953871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0d3bfa544a25662022-01-05 10:00:58.710root 11241100x80000000000000006953872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77cdcf12a29960cf2022-01-05 10:00:58.710root 11241100x80000000000000006953873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d49063a60d133f32022-01-05 10:00:58.710root 11241100x80000000000000006953874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5eca62d21875592022-01-05 10:00:58.710root 11241100x80000000000000006953875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312a97cfa4a78fa92022-01-05 10:00:58.710root 11241100x80000000000000006953876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e0a5dc49a36e322022-01-05 10:00:58.710root 11241100x80000000000000006953877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12834b1003b3c1c32022-01-05 10:00:58.710root 11241100x80000000000000006953878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9c74d4676f5a382022-01-05 10:00:58.710root 11241100x80000000000000006953879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809a39428cc4c7852022-01-05 10:00:58.710root 11241100x80000000000000006953880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8749a8fe781d7b342022-01-05 10:00:58.710root 11241100x80000000000000006953881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bdab4ba23e04932022-01-05 10:00:58.710root 11241100x80000000000000006953882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd94f6ba5bdf3a882022-01-05 10:00:58.711root 11241100x80000000000000006953883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a45bf8b0131bf842022-01-05 10:00:58.711root 11241100x80000000000000006953884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776c6d0ce05051d62022-01-05 10:00:58.711root 11241100x80000000000000006953885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37f137b83555e722022-01-05 10:00:58.711root 11241100x80000000000000006953886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131c10a113ac20322022-01-05 10:00:58.711root 11241100x80000000000000006953887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c60d59320da7db2022-01-05 10:00:58.711root 11241100x80000000000000006953888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:58.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e77614e22334042022-01-05 10:00:58.711root 11241100x80000000000000006953889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab4291e7ec8d7932022-01-05 10:00:59.209root 11241100x80000000000000006953890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d32e819981c0b92022-01-05 10:00:59.209root 11241100x80000000000000006953891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe47f12dc01b1bd2022-01-05 10:00:59.210root 11241100x80000000000000006953892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46930a4ecb9c414d2022-01-05 10:00:59.210root 11241100x80000000000000006953893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb55d76ef4a45d22022-01-05 10:00:59.210root 11241100x80000000000000006953894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4313978368cbae402022-01-05 10:00:59.211root 11241100x80000000000000006953895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1ef750e07f125f2022-01-05 10:00:59.211root 11241100x80000000000000006953896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3194113ba3025fc2022-01-05 10:00:59.211root 11241100x80000000000000006953897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cd7b3b5d6404232022-01-05 10:00:59.211root 11241100x80000000000000006953898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d5fcf81bda3efd2022-01-05 10:00:59.211root 11241100x80000000000000006953899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb811550c9b5242a2022-01-05 10:00:59.211root 11241100x80000000000000006953900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104ad642c6028fd62022-01-05 10:00:59.212root 11241100x80000000000000006953901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcc3df4f3f2a5b22022-01-05 10:00:59.212root 11241100x80000000000000006953902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55b5a8dba3b20872022-01-05 10:00:59.212root 11241100x80000000000000006953903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51d929c5dab0d2d2022-01-05 10:00:59.212root 11241100x80000000000000006953904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc8e1bc8503deae2022-01-05 10:00:59.212root 11241100x80000000000000006953905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6510ed15b79ccc82022-01-05 10:00:59.212root 11241100x80000000000000006953906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624106450bf572872022-01-05 10:00:59.212root 11241100x80000000000000006953907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9286c13b1107f1c22022-01-05 10:00:59.212root 11241100x80000000000000006953908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4a2eb6b4cd95502022-01-05 10:00:59.212root 11241100x80000000000000006953909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87319f6c4da3f3d32022-01-05 10:00:59.213root 11241100x80000000000000006953910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.222{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 10:00:59.222root 11241100x80000000000000006953911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980c76064bbe66732022-01-05 10:00:59.709root 11241100x80000000000000006953912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25df9353484ae7cd2022-01-05 10:00:59.709root 11241100x80000000000000006953913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4321efa6d7965f2022-01-05 10:00:59.709root 11241100x80000000000000006953914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3605b1f30c9f072022-01-05 10:00:59.709root 11241100x80000000000000006953915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f40551a80f2e6a72022-01-05 10:00:59.709root 11241100x80000000000000006953916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd18946946a49f362022-01-05 10:00:59.709root 11241100x80000000000000006953917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6e4485613b01502022-01-05 10:00:59.710root 11241100x80000000000000006953918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28499fc353cae8a32022-01-05 10:00:59.710root 11241100x80000000000000006953919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89539a16e36895aa2022-01-05 10:00:59.710root 11241100x80000000000000006953920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37d42a4878ad6042022-01-05 10:00:59.710root 11241100x80000000000000006953921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c83ae30440421d2022-01-05 10:00:59.710root 11241100x80000000000000006953922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624f596fa36ddecf2022-01-05 10:00:59.710root 11241100x80000000000000006953923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02194c00e86bae52022-01-05 10:00:59.710root 11241100x80000000000000006953924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d390a1953a39a2f92022-01-05 10:00:59.710root 11241100x80000000000000006953925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf2cc57b6dd02912022-01-05 10:00:59.710root 11241100x80000000000000006953926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a318bf30315f172022-01-05 10:00:59.710root 11241100x80000000000000006953927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b46100b92d72d92022-01-05 10:00:59.710root 11241100x80000000000000006953928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c393e747e5f2ba652022-01-05 10:00:59.711root 11241100x80000000000000006953929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62f602b7afd17a32022-01-05 10:00:59.711root 11241100x80000000000000006953930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fde70473eecaa42022-01-05 10:00:59.711root 11241100x80000000000000006953931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:00:59.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6a866baad75e582022-01-05 10:00:59.711root 11241100x80000000000000006953932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a666fff659b0599c2022-01-05 10:01:00.210root 11241100x80000000000000006953933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fca4a959a756b02022-01-05 10:01:00.210root 11241100x80000000000000006953934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6e476589e4adac2022-01-05 10:01:00.210root 11241100x80000000000000006953935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6a8704da91834a2022-01-05 10:01:00.210root 11241100x80000000000000006953936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a379f1d18da82e92022-01-05 10:01:00.210root 11241100x80000000000000006953937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fe3b91028d2f272022-01-05 10:01:00.210root 11241100x80000000000000006953938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df587072edb51aea2022-01-05 10:01:00.210root 11241100x80000000000000006953939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd0ce00bf03af772022-01-05 10:01:00.210root 11241100x80000000000000006953940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ea81317c3a169e2022-01-05 10:01:00.211root 11241100x80000000000000006953941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201e05883aa3e2882022-01-05 10:01:00.211root 11241100x80000000000000006953942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbce7df70e7e29e2022-01-05 10:01:00.211root 11241100x80000000000000006953943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6e9895d939246f2022-01-05 10:01:00.211root 11241100x80000000000000006953944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9d14b89b2511bb2022-01-05 10:01:00.211root 11241100x80000000000000006953945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf910e93b44dda82022-01-05 10:01:00.211root 11241100x80000000000000006953946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad64bba62e62cd12022-01-05 10:01:00.211root 11241100x80000000000000006953947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12478f7f3aceadcc2022-01-05 10:01:00.211root 11241100x80000000000000006953948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9b49acf680edcb2022-01-05 10:01:00.211root 11241100x80000000000000006953949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272aeb80eb45771e2022-01-05 10:01:00.212root 11241100x80000000000000006953950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fd31354260224c2022-01-05 10:01:00.212root 11241100x80000000000000006953951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d140f5cccd02f1e2022-01-05 10:01:00.212root 11241100x80000000000000006953952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05542064e68302862022-01-05 10:01:00.212root 11241100x80000000000000006953953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcac955b954310bc2022-01-05 10:01:00.710root 11241100x80000000000000006953954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8247ca2ba073a8cc2022-01-05 10:01:00.710root 11241100x80000000000000006953955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ed40cd6ba2edbe2022-01-05 10:01:00.710root 11241100x80000000000000006953956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3c9b501a3e75582022-01-05 10:01:00.710root 11241100x80000000000000006953957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c83b1ce45d47332022-01-05 10:01:00.711root 11241100x80000000000000006953958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cbf582d2892dd02022-01-05 10:01:00.711root 11241100x80000000000000006953959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436eecaa3b97400f2022-01-05 10:01:00.711root 11241100x80000000000000006953960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2842d4e8b1928582022-01-05 10:01:00.711root 11241100x80000000000000006953961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d346551d7aa81c082022-01-05 10:01:00.712root 11241100x80000000000000006953962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011e58372203bbc82022-01-05 10:01:00.712root 11241100x80000000000000006953963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231a833ae5d041f52022-01-05 10:01:00.712root 11241100x80000000000000006953964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87ce294e588e1c02022-01-05 10:01:00.712root 11241100x80000000000000006953965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5513c24aa075071b2022-01-05 10:01:00.712root 11241100x80000000000000006953966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7543bb430b4944ea2022-01-05 10:01:00.712root 11241100x80000000000000006953967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a929c219d94f5cd62022-01-05 10:01:00.712root 11241100x80000000000000006953968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c1f8051a5ef3fb2022-01-05 10:01:00.712root 11241100x80000000000000006953969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2179a8ecaf6e6fb52022-01-05 10:01:00.712root 11241100x80000000000000006953970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6dec3ad7e85f8e2022-01-05 10:01:00.712root 11241100x80000000000000006953971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e854c021042bda5d2022-01-05 10:01:00.712root 11241100x80000000000000006953972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe40132e7eb0d9d2022-01-05 10:01:00.713root 11241100x80000000000000006953973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:00.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f967fffbf98784f72022-01-05 10:01:00.713root 354300x80000000000000006953974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.059{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41674-false10.0.1.12-8000- 11241100x80000000000000006953975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.060{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2fb126f650373e2022-01-05 10:01:01.060root 11241100x80000000000000006953976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.060{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c6044a4da93bc12022-01-05 10:01:01.060root 11241100x80000000000000006953977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.060{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c1745ec21d05182022-01-05 10:01:01.060root 11241100x80000000000000006953978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.060{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55efe0266c1bd5d2022-01-05 10:01:01.060root 11241100x80000000000000006953979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.060{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94eb801b9072ae4f2022-01-05 10:01:01.060root 11241100x80000000000000006953980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.060{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7389cf39e6b5f7a2022-01-05 10:01:01.060root 11241100x80000000000000006953981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.061{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c407e23163cec52022-01-05 10:01:01.061root 11241100x80000000000000006953982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.061{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3656b6febbb301fb2022-01-05 10:01:01.061root 11241100x80000000000000006953983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.061{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96b8dd6dc39385c2022-01-05 10:01:01.061root 11241100x80000000000000006953984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.061{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d55671b0a0677b2022-01-05 10:01:01.061root 11241100x80000000000000006953985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.061{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1eecd8bc2da52902022-01-05 10:01:01.061root 11241100x80000000000000006953986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.061{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc885a21c66ed662022-01-05 10:01:01.061root 11241100x80000000000000006953987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.061{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ca1c9bf601169f2022-01-05 10:01:01.061root 11241100x80000000000000006953988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd99909017bbce72022-01-05 10:01:01.062root 11241100x80000000000000006953989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3804ab67a4aacb2022-01-05 10:01:01.062root 11241100x80000000000000006953990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66683687f520fdb2022-01-05 10:01:01.062root 11241100x80000000000000006953991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd28726f712743872022-01-05 10:01:01.062root 11241100x80000000000000006953992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8cd0bdab44f12aa2022-01-05 10:01:01.062root 11241100x80000000000000006953993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4066cd931ba7f40b2022-01-05 10:01:01.062root 11241100x80000000000000006953994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f2de78386f0eb42022-01-05 10:01:01.062root 11241100x80000000000000006953995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0f0e644ae618cb2022-01-05 10:01:01.062root 11241100x80000000000000006953996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9469410415074eac2022-01-05 10:01:01.074root 11241100x80000000000000006953997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed98acc838b06db42022-01-05 10:01:01.074root 11241100x80000000000000006953998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded4e83af833602e2022-01-05 10:01:01.074root 11241100x80000000000000006953999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81de19fe7a91451d2022-01-05 10:01:01.074root 11241100x80000000000000006954000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d5497e29bdd9e22022-01-05 10:01:01.074root 11241100x80000000000000006954001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c019fce0bad8f4cb2022-01-05 10:01:01.074root 11241100x80000000000000006954002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a22c91fcc683682022-01-05 10:01:01.074root 11241100x80000000000000006954003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.074{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48967ff85acf87072022-01-05 10:01:01.074root 11241100x80000000000000006954004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.075{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e76ca8aa27520bd2022-01-05 10:01:01.075root 11241100x80000000000000006954005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.075{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292954333e01b0682022-01-05 10:01:01.075root 11241100x80000000000000006954006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.075{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fe105f3ee4b5092022-01-05 10:01:01.075root 11241100x80000000000000006954007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.075{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dd5e2c561f1be02022-01-05 10:01:01.075root 11241100x80000000000000006954008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.075{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1756eaaa8f74c9712022-01-05 10:01:01.075root 11241100x80000000000000006954009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.075{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9780cadb540d80572022-01-05 10:01:01.075root 11241100x80000000000000006954010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.075{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2537aeaf68b1593e2022-01-05 10:01:01.075root 11241100x80000000000000006954011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.075{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfbafabd746cc522022-01-05 10:01:01.075root 11241100x80000000000000006954012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.075{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.becd97f49fb3ed4f2022-01-05 10:01:01.075root 11241100x80000000000000006954013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70edc4b9dd49f3662022-01-05 10:01:01.459root 11241100x80000000000000006954014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b05cd3bb0c532382022-01-05 10:01:01.459root 11241100x80000000000000006954015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849816a12e1b84df2022-01-05 10:01:01.459root 11241100x80000000000000006954016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50974d7c7726906e2022-01-05 10:01:01.459root 11241100x80000000000000006954017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c331cafeaf4590d2022-01-05 10:01:01.460root 11241100x80000000000000006954018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bc70da153e8e1c2022-01-05 10:01:01.460root 11241100x80000000000000006954019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c71bfcf25d25ca2022-01-05 10:01:01.460root 11241100x80000000000000006954020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42cc062b9f3ba122022-01-05 10:01:01.460root 11241100x80000000000000006954021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb27e8930cff73e2022-01-05 10:01:01.460root 11241100x80000000000000006954022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d976b978320879832022-01-05 10:01:01.460root 11241100x80000000000000006954023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e82aeb5fd347afd2022-01-05 10:01:01.460root 11241100x80000000000000006954024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff63214efef47212022-01-05 10:01:01.460root 11241100x80000000000000006954025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12eaa372a55eb3ee2022-01-05 10:01:01.460root 11241100x80000000000000006954026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd370b5c17d9d0d62022-01-05 10:01:01.460root 11241100x80000000000000006954027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1d57d8500753c92022-01-05 10:01:01.461root 11241100x80000000000000006954028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8161ab9dbbdc62e2022-01-05 10:01:01.461root 11241100x80000000000000006954029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7f1c351dfdf1852022-01-05 10:01:01.461root 11241100x80000000000000006954030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cb302971eeaef62022-01-05 10:01:01.461root 11241100x80000000000000006954031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce15a1ba21725b52022-01-05 10:01:01.461root 11241100x80000000000000006954032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc220f6ab4c525f2022-01-05 10:01:01.461root 11241100x80000000000000006954033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c974e7039aa6e62022-01-05 10:01:01.461root 11241100x80000000000000006954034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0aa5285dd606a52022-01-05 10:01:01.461root 11241100x80000000000000006954035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e9c5c2177aea412022-01-05 10:01:01.959root 11241100x80000000000000006954036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc85c267f5260e712022-01-05 10:01:01.959root 11241100x80000000000000006954037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a156b4176420a3202022-01-05 10:01:01.959root 11241100x80000000000000006954038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bed811b45c09a772022-01-05 10:01:01.959root 11241100x80000000000000006954039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976e3f443ae4e33f2022-01-05 10:01:01.959root 11241100x80000000000000006954040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f670787f320d252022-01-05 10:01:01.960root 11241100x80000000000000006954041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197a49aabe838a2a2022-01-05 10:01:01.960root 11241100x80000000000000006954042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54943eb6030b84042022-01-05 10:01:01.960root 11241100x80000000000000006954043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf99aade27b7bdc82022-01-05 10:01:01.960root 11241100x80000000000000006954044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94f3afc3bc964d62022-01-05 10:01:01.960root 11241100x80000000000000006954045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f64163426724fa12022-01-05 10:01:01.960root 11241100x80000000000000006954046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa115efda8890372022-01-05 10:01:01.960root 11241100x80000000000000006954047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b89a1d10edbc7f2022-01-05 10:01:01.960root 11241100x80000000000000006954048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aa0bb554a6187e2022-01-05 10:01:01.962root 11241100x80000000000000006954049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b6b036a38684092022-01-05 10:01:01.962root 11241100x80000000000000006954050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bfe39138304a602022-01-05 10:01:01.962root 11241100x80000000000000006954051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6de098912f169ac2022-01-05 10:01:01.962root 11241100x80000000000000006954052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d104900d77bdaec2022-01-05 10:01:01.962root 11241100x80000000000000006954053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0760103b8a677f2022-01-05 10:01:01.962root 11241100x80000000000000006954054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734f5344492eb1cf2022-01-05 10:01:01.962root 11241100x80000000000000006954055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b229be0f6bbfa2a2022-01-05 10:01:01.962root 11241100x80000000000000006954056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:01.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f3db0b58da7bb62022-01-05 10:01:01.963root 23542300x80000000000000006954057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.222{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006954058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0befbeeab2b5962022-01-05 10:01:02.223root 11241100x80000000000000006954059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ba8000d60279532022-01-05 10:01:02.223root 11241100x80000000000000006954060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c968c7e73ff6402022-01-05 10:01:02.224root 11241100x80000000000000006954061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36091d8edd65d35c2022-01-05 10:01:02.224root 11241100x80000000000000006954062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc399023e573ebe2022-01-05 10:01:02.224root 11241100x80000000000000006954063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6467d0f060f933012022-01-05 10:01:02.224root 11241100x80000000000000006954064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1976f3185a911442022-01-05 10:01:02.224root 11241100x80000000000000006954065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f574d8e2408ce4122022-01-05 10:01:02.224root 11241100x80000000000000006954066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be178f40bf9425c2022-01-05 10:01:02.224root 11241100x80000000000000006954067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b42799ca40eda232022-01-05 10:01:02.224root 11241100x80000000000000006954068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650a184fe8b0f2bd2022-01-05 10:01:02.224root 11241100x80000000000000006954069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238611ea5d89bf3e2022-01-05 10:01:02.225root 11241100x80000000000000006954070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c39258db55a9a352022-01-05 10:01:02.225root 11241100x80000000000000006954071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cc3c9dc264b6942022-01-05 10:01:02.225root 11241100x80000000000000006954072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccf71e1cc2f9bab2022-01-05 10:01:02.225root 11241100x80000000000000006954073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42cd83377cbc3c32022-01-05 10:01:02.225root 11241100x80000000000000006954074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1256f278109070ce2022-01-05 10:01:02.225root 11241100x80000000000000006954075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3353f8b72f2a84e52022-01-05 10:01:02.225root 11241100x80000000000000006954076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86762c571bed51df2022-01-05 10:01:02.225root 11241100x80000000000000006954077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa948c5dc244a8b2022-01-05 10:01:02.225root 11241100x80000000000000006954078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77155e8d3a797c7a2022-01-05 10:01:02.225root 11241100x80000000000000006954079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d09ccc8fe577542022-01-05 10:01:02.225root 11241100x80000000000000006954080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86626d1632d62b42022-01-05 10:01:02.225root 11241100x80000000000000006954081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d641fc0ea944ee22022-01-05 10:01:02.225root 11241100x80000000000000006954082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.225{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68990c8ca235f5b22022-01-05 10:01:02.225root 11241100x80000000000000006954083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8783cf38d492dec2022-01-05 10:01:02.226root 11241100x80000000000000006954084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f00feb7bc073652022-01-05 10:01:02.226root 11241100x80000000000000006954085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e93a794402228e2022-01-05 10:01:02.226root 11241100x80000000000000006954086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc7d63c59720ad12022-01-05 10:01:02.226root 11241100x80000000000000006954087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b26fbe1c917d792022-01-05 10:01:02.226root 11241100x80000000000000006954088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64466055fb71ad582022-01-05 10:01:02.226root 11241100x80000000000000006954089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857677332b5c9cd72022-01-05 10:01:02.226root 11241100x80000000000000006954090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d86578d878c5232022-01-05 10:01:02.226root 11241100x80000000000000006954091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.226{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13fe36a7fedec072022-01-05 10:01:02.226root 11241100x80000000000000006954092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3454c71e5119456c2022-01-05 10:01:02.710root 11241100x80000000000000006954093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d1680e546373a12022-01-05 10:01:02.710root 11241100x80000000000000006954094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284663063915423d2022-01-05 10:01:02.710root 11241100x80000000000000006954095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33f2203876c67792022-01-05 10:01:02.710root 11241100x80000000000000006954096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f11bbaa35758232022-01-05 10:01:02.710root 11241100x80000000000000006954097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890faf1b92ee95762022-01-05 10:01:02.710root 11241100x80000000000000006954098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4a621b0589ab112022-01-05 10:01:02.710root 11241100x80000000000000006954099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35794e5addb2b9f2022-01-05 10:01:02.710root 11241100x80000000000000006954100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024350fb321509742022-01-05 10:01:02.710root 11241100x80000000000000006954101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ccc1f74dc063f82022-01-05 10:01:02.710root 11241100x80000000000000006954102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7759a00f3d7bd142022-01-05 10:01:02.710root 11241100x80000000000000006954103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e44dd469979a5712022-01-05 10:01:02.711root 11241100x80000000000000006954104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63687f742fa806c32022-01-05 10:01:02.711root 11241100x80000000000000006954105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45411ae93e9f2782022-01-05 10:01:02.711root 11241100x80000000000000006954106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9029475d35b6bbf2022-01-05 10:01:02.711root 11241100x80000000000000006954107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c669d7f5f065262022-01-05 10:01:02.711root 11241100x80000000000000006954108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6871be3a8362df352022-01-05 10:01:02.711root 11241100x80000000000000006954109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add769fb0d0dd4a62022-01-05 10:01:02.711root 11241100x80000000000000006954110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b5c988fa76d6eb2022-01-05 10:01:02.711root 11241100x80000000000000006954111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e335009b5a682142022-01-05 10:01:02.711root 11241100x80000000000000006954112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f0f4f775cc606b2022-01-05 10:01:02.711root 11241100x80000000000000006954113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f078226acd1149c2022-01-05 10:01:02.711root 11241100x80000000000000006954114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:02.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1adfdd47487f58992022-01-05 10:01:02.711root 11241100x80000000000000006954115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c2ae724cc946322022-01-05 10:01:03.209root 11241100x80000000000000006954116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ed14865b85e29f2022-01-05 10:01:03.209root 11241100x80000000000000006954117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b8f2b1d203bd512022-01-05 10:01:03.209root 11241100x80000000000000006954118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9066799c190832b22022-01-05 10:01:03.210root 11241100x80000000000000006954119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5a381af2753ddc2022-01-05 10:01:03.210root 11241100x80000000000000006954120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa730a9b7207f662022-01-05 10:01:03.210root 11241100x80000000000000006954121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378f686b43aaef3e2022-01-05 10:01:03.210root 11241100x80000000000000006954122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60242ed85065db2f2022-01-05 10:01:03.210root 11241100x80000000000000006954123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82077d2a050b317b2022-01-05 10:01:03.210root 11241100x80000000000000006954124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90036254951717042022-01-05 10:01:03.211root 11241100x80000000000000006954125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8517190afd5ddc2022-01-05 10:01:03.211root 11241100x80000000000000006954126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c592cb250fc9f12022-01-05 10:01:03.211root 11241100x80000000000000006954127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfdcf581bf4a1c72022-01-05 10:01:03.211root 11241100x80000000000000006954128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534e9e91c249ae112022-01-05 10:01:03.211root 11241100x80000000000000006954129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda461dfed055ea22022-01-05 10:01:03.211root 11241100x80000000000000006954130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c2b0df18fa09dc2022-01-05 10:01:03.211root 11241100x80000000000000006954131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181d9a0747b660ae2022-01-05 10:01:03.211root 11241100x80000000000000006954132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f756ebedb83deb2d2022-01-05 10:01:03.211root 11241100x80000000000000006954133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c82143b3937b252022-01-05 10:01:03.211root 11241100x80000000000000006954134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec33b1f25484151b2022-01-05 10:01:03.211root 11241100x80000000000000006954135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096dac0a220d5d402022-01-05 10:01:03.211root 11241100x80000000000000006954136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28fb0caa1b2bbc92022-01-05 10:01:03.211root 11241100x80000000000000006954137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703492f81d365a5a2022-01-05 10:01:03.212root 11241100x80000000000000006954138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25a388fd9ba97612022-01-05 10:01:03.709root 11241100x80000000000000006954139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd83b00619e277f02022-01-05 10:01:03.710root 11241100x80000000000000006954140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68db34c3a237c01a2022-01-05 10:01:03.710root 11241100x80000000000000006954141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdcab7fd93c39eb2022-01-05 10:01:03.710root 11241100x80000000000000006954142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a3c483596af49f2022-01-05 10:01:03.710root 11241100x80000000000000006954143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33504cd0e667ff7f2022-01-05 10:01:03.710root 11241100x80000000000000006954144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8429997dec82712022-01-05 10:01:03.710root 11241100x80000000000000006954145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d684a22942a49a2022-01-05 10:01:03.710root 11241100x80000000000000006954146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b470578e57a65b2022-01-05 10:01:03.710root 11241100x80000000000000006954147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8cd589034779152022-01-05 10:01:03.711root 11241100x80000000000000006954148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9c629f8f5e61f82022-01-05 10:01:03.711root 11241100x80000000000000006954149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbd1fb93990a7b72022-01-05 10:01:03.711root 11241100x80000000000000006954150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460b88629dee421e2022-01-05 10:01:03.711root 11241100x80000000000000006954151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f6429b72e964b92022-01-05 10:01:03.711root 11241100x80000000000000006954152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86528b51534ce772022-01-05 10:01:03.711root 11241100x80000000000000006954153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe3fa865e38d0772022-01-05 10:01:03.711root 11241100x80000000000000006954154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e93a9583d5f8f9a2022-01-05 10:01:03.711root 11241100x80000000000000006954155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105a959cb871e7f82022-01-05 10:01:03.711root 11241100x80000000000000006954156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebdc5a1086f27562022-01-05 10:01:03.711root 11241100x80000000000000006954157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fd1398112d60222022-01-05 10:01:03.711root 11241100x80000000000000006954158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1cc630c748a4dd2022-01-05 10:01:03.712root 11241100x80000000000000006954159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5225092fdb7a75102022-01-05 10:01:03.712root 11241100x80000000000000006954160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:03.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c14ccd02487a482022-01-05 10:01:03.712root 11241100x80000000000000006954161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef8fb92cde1a09d2022-01-05 10:01:04.209root 11241100x80000000000000006954162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58e9830802a8efb2022-01-05 10:01:04.209root 11241100x80000000000000006954163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270fb9b3cd9753512022-01-05 10:01:04.209root 11241100x80000000000000006954164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677e1577d91501562022-01-05 10:01:04.210root 11241100x80000000000000006954165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e60da4b2deb733b2022-01-05 10:01:04.210root 11241100x80000000000000006954166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb99ef00be267012022-01-05 10:01:04.210root 11241100x80000000000000006954167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2557e71b50b7fc22022-01-05 10:01:04.210root 11241100x80000000000000006954168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0076f5f82f69ed72022-01-05 10:01:04.210root 11241100x80000000000000006954169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8535d30b916994f92022-01-05 10:01:04.210root 11241100x80000000000000006954170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8802545c3ffb3332022-01-05 10:01:04.210root 11241100x80000000000000006954171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245b565bdc15c6432022-01-05 10:01:04.210root 11241100x80000000000000006954172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42476e112b99ffcc2022-01-05 10:01:04.211root 11241100x80000000000000006954173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079b4b8eb10b7f982022-01-05 10:01:04.211root 11241100x80000000000000006954174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bf159ef4b7d67c2022-01-05 10:01:04.211root 11241100x80000000000000006954175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ae0a71848452a82022-01-05 10:01:04.211root 11241100x80000000000000006954176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf14fa61844d1e622022-01-05 10:01:04.211root 11241100x80000000000000006954177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09134c1acd1d6a492022-01-05 10:01:04.211root 11241100x80000000000000006954178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dee39e497412ac2022-01-05 10:01:04.211root 11241100x80000000000000006954179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b163d66396a0c782022-01-05 10:01:04.211root 11241100x80000000000000006954180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01a2e87d8883ca22022-01-05 10:01:04.212root 11241100x80000000000000006954181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d070652c35e4152022-01-05 10:01:04.212root 11241100x80000000000000006954182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731bd0d7c5a1992b2022-01-05 10:01:04.212root 11241100x80000000000000006954183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd5aad0047af0e22022-01-05 10:01:04.212root 11241100x80000000000000006954184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622d85bb34c8ba482022-01-05 10:01:04.709root 11241100x80000000000000006954185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36037f5eb08d1902022-01-05 10:01:04.709root 11241100x80000000000000006954186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba4d9905f748d112022-01-05 10:01:04.709root 11241100x80000000000000006954187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0987170561a6d3c82022-01-05 10:01:04.709root 11241100x80000000000000006954188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d33814fc6b61cb52022-01-05 10:01:04.709root 11241100x80000000000000006954189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c718bc4bb5addb2022-01-05 10:01:04.710root 11241100x80000000000000006954190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e67df3580e78902022-01-05 10:01:04.710root 11241100x80000000000000006954191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517b65faf7e5c3a02022-01-05 10:01:04.710root 11241100x80000000000000006954192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44929c75a1330b3b2022-01-05 10:01:04.710root 11241100x80000000000000006954193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd49dc27dfc5c252022-01-05 10:01:04.710root 11241100x80000000000000006954194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31ade59b6b18d582022-01-05 10:01:04.710root 11241100x80000000000000006954195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc9be16b7acf1bd2022-01-05 10:01:04.710root 11241100x80000000000000006954196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126bb72e3dd4d73a2022-01-05 10:01:04.710root 11241100x80000000000000006954197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74588b26485dc9112022-01-05 10:01:04.710root 11241100x80000000000000006954198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd200a00d83ecde02022-01-05 10:01:04.710root 11241100x80000000000000006954199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e521d3713d734032022-01-05 10:01:04.711root 11241100x80000000000000006954200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccd4108ed9060ed2022-01-05 10:01:04.711root 11241100x80000000000000006954201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc681fb70b63d6c2022-01-05 10:01:04.711root 11241100x80000000000000006954202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7623fc1afb80f52022-01-05 10:01:04.711root 11241100x80000000000000006954203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0b4db38109865c2022-01-05 10:01:04.711root 11241100x80000000000000006954204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b27c927d1803d22022-01-05 10:01:04.711root 11241100x80000000000000006954205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096484c9aa1388ba2022-01-05 10:01:04.711root 11241100x80000000000000006954206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d90557a4be451722022-01-05 10:01:04.711root 11241100x80000000000000006954207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a69bd4074f74942022-01-05 10:01:04.711root 11241100x80000000000000006954208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ac30c469d67f122022-01-05 10:01:04.711root 11241100x80000000000000006954209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a954c595a09ff22022-01-05 10:01:04.711root 11241100x80000000000000006954210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c42316a51dc9e52022-01-05 10:01:04.712root 11241100x80000000000000006954211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc944d93249a14b42022-01-05 10:01:04.712root 11241100x80000000000000006954212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c09a39c8ee27472022-01-05 10:01:04.712root 11241100x80000000000000006954213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2444731505b3832022-01-05 10:01:04.712root 11241100x80000000000000006954214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69c4411703eea1d2022-01-05 10:01:04.712root 11241100x80000000000000006954215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c84b3620e5b37c2022-01-05 10:01:04.712root 11241100x80000000000000006954216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a356501297dd172022-01-05 10:01:04.712root 11241100x80000000000000006954217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dc8cd1c061ad502022-01-05 10:01:04.713root 11241100x80000000000000006954218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dea2e9e9a9626232022-01-05 10:01:04.713root 11241100x80000000000000006954219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25c3f209d538b1f2022-01-05 10:01:04.713root 11241100x80000000000000006954220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5252f1449eb93172022-01-05 10:01:04.713root 11241100x80000000000000006954221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7629ea2ee3bcb22022-01-05 10:01:04.713root 11241100x80000000000000006954222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fe4ce8ed1564432022-01-05 10:01:04.713root 11241100x80000000000000006954223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f957b620826424a62022-01-05 10:01:04.713root 11241100x80000000000000006954224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f4392e6c970d202022-01-05 10:01:04.713root 11241100x80000000000000006954225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123c3f58080edb052022-01-05 10:01:04.713root 11241100x80000000000000006954226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99df8dc79244b6fb2022-01-05 10:01:04.713root 11241100x80000000000000006954227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f030425c3752402022-01-05 10:01:04.713root 11241100x80000000000000006954228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57295f808d0f54d2022-01-05 10:01:04.713root 11241100x80000000000000006954229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca63a5262f585c92022-01-05 10:01:04.714root 11241100x80000000000000006954230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595f9fcb75f618f12022-01-05 10:01:04.714root 11241100x80000000000000006954231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73247b0248bc67f22022-01-05 10:01:04.714root 11241100x80000000000000006954232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f8e00ff1e3ea0b2022-01-05 10:01:04.714root 11241100x80000000000000006954233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d51686298cc83cf2022-01-05 10:01:04.714root 11241100x80000000000000006954234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c9e30b8cd5d35e2022-01-05 10:01:04.714root 11241100x80000000000000006954235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172396b247b0a6372022-01-05 10:01:04.714root 11241100x80000000000000006954236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47f8dc441cdea582022-01-05 10:01:04.714root 11241100x80000000000000006954237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad54c03a13c0e4a2022-01-05 10:01:04.714root 11241100x80000000000000006954238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63a4a5161c4a5a42022-01-05 10:01:04.714root 11241100x80000000000000006954239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:04.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb367352201a98582022-01-05 10:01:04.714root 11241100x80000000000000006954240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cd841ce456aca72022-01-05 10:01:05.209root 11241100x80000000000000006954241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bfa3d98982a3f12022-01-05 10:01:05.209root 11241100x80000000000000006954242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6648f2b148368e182022-01-05 10:01:05.210root 11241100x80000000000000006954243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2f6c9cd5be5f482022-01-05 10:01:05.210root 11241100x80000000000000006954244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3dfdbe9b56b1bea2022-01-05 10:01:05.211root 11241100x80000000000000006954245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916638bd634195992022-01-05 10:01:05.211root 11241100x80000000000000006954246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112c41e901116a002022-01-05 10:01:05.211root 11241100x80000000000000006954247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c425cb155bf82782022-01-05 10:01:05.211root 11241100x80000000000000006954248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66785690bc77da892022-01-05 10:01:05.211root 11241100x80000000000000006954249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d41c9514f1a8c4a2022-01-05 10:01:05.211root 11241100x80000000000000006954250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa59ed791b0afda02022-01-05 10:01:05.212root 11241100x80000000000000006954251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6aef292b20b272e2022-01-05 10:01:05.212root 11241100x80000000000000006954252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b643704a4c74a6a2022-01-05 10:01:05.212root 11241100x80000000000000006954253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd7a0c03dc8a99f2022-01-05 10:01:05.212root 11241100x80000000000000006954254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41445d0944f4e7902022-01-05 10:01:05.212root 11241100x80000000000000006954255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe8ead6d33363dd2022-01-05 10:01:05.212root 11241100x80000000000000006954256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008c20b927a6d64b2022-01-05 10:01:05.212root 11241100x80000000000000006954257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711231bbcdef32c62022-01-05 10:01:05.213root 11241100x80000000000000006954258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148ff93fb90666742022-01-05 10:01:05.213root 11241100x80000000000000006954259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43972d46d94e5f272022-01-05 10:01:05.213root 11241100x80000000000000006954260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffc33d1e3fd95e22022-01-05 10:01:05.213root 11241100x80000000000000006954261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409c4b2e2e6d441c2022-01-05 10:01:05.213root 11241100x80000000000000006954262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a828eb2500f3012022-01-05 10:01:05.213root 11241100x80000000000000006954263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec67927a02e73ad62022-01-05 10:01:05.709root 11241100x80000000000000006954264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ad5bde4a1e59ee2022-01-05 10:01:05.709root 11241100x80000000000000006954265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1ca1bf8a98dcd92022-01-05 10:01:05.709root 11241100x80000000000000006954266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f47e1fcc8efd1c12022-01-05 10:01:05.710root 11241100x80000000000000006954267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5136d9831197e2d2022-01-05 10:01:05.710root 11241100x80000000000000006954268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080a282f8679b7482022-01-05 10:01:05.710root 11241100x80000000000000006954269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602d9e23433eef872022-01-05 10:01:05.710root 11241100x80000000000000006954270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4679046293c415792022-01-05 10:01:05.710root 11241100x80000000000000006954271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09395120f6afbe702022-01-05 10:01:05.710root 11241100x80000000000000006954272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abf90bd173646582022-01-05 10:01:05.710root 11241100x80000000000000006954273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b46b46570a870162022-01-05 10:01:05.710root 11241100x80000000000000006954274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e961f4dffef0f8492022-01-05 10:01:05.710root 11241100x80000000000000006954275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84daaefd53ab8e832022-01-05 10:01:05.710root 11241100x80000000000000006954276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ab9037c8ecc5a32022-01-05 10:01:05.710root 11241100x80000000000000006954277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb9b2574099bb262022-01-05 10:01:05.710root 11241100x80000000000000006954278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8f6c74e4eb6c602022-01-05 10:01:05.710root 11241100x80000000000000006954279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69dc2123a40e9a4b2022-01-05 10:01:05.710root 11241100x80000000000000006954280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec44583e11efe9552022-01-05 10:01:05.710root 11241100x80000000000000006954281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a693812ee550d17b2022-01-05 10:01:05.710root 11241100x80000000000000006954282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22d95ff284304a02022-01-05 10:01:05.711root 11241100x80000000000000006954283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9f89064ab5fa302022-01-05 10:01:05.711root 11241100x80000000000000006954284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad86d3430294be572022-01-05 10:01:05.711root 11241100x80000000000000006954285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f67dfb10e347ec2022-01-05 10:01:05.711root 11241100x80000000000000006954286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87fe28f4aa4f61f2022-01-05 10:01:05.711root 354300x80000000000000006954287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.096{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41676-false10.0.1.12-8000- 11241100x80000000000000006954288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.097{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac5c7897bbe05862022-01-05 10:01:06.097root 11241100x80000000000000006954289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.097{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa00f9fe6efa3d682022-01-05 10:01:06.097root 11241100x80000000000000006954290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.097{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bb21382ac73e862022-01-05 10:01:06.097root 11241100x80000000000000006954291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.097{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6039f789932f7d92022-01-05 10:01:06.097root 11241100x80000000000000006954292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.097{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72825aca79c7f95d2022-01-05 10:01:06.097root 11241100x80000000000000006954293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.097{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c299cc64bbb2bb2022-01-05 10:01:06.097root 11241100x80000000000000006954294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.097{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed4951885b949c42022-01-05 10:01:06.097root 11241100x80000000000000006954295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.097{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbd84fee9b7b2952022-01-05 10:01:06.097root 11241100x80000000000000006954296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9050e1a27a92fda62022-01-05 10:01:06.098root 11241100x80000000000000006954297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74923bb31e1d409b2022-01-05 10:01:06.098root 11241100x80000000000000006954298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95102ff528a7e2742022-01-05 10:01:06.098root 11241100x80000000000000006954299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd7670d21dd90382022-01-05 10:01:06.098root 11241100x80000000000000006954300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a173d6d5a968d92022-01-05 10:01:06.098root 11241100x80000000000000006954301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea61f0eea775df152022-01-05 10:01:06.098root 11241100x80000000000000006954302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fa2e6df9e09fc12022-01-05 10:01:06.098root 11241100x80000000000000006954303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1e35928c1902902022-01-05 10:01:06.098root 11241100x80000000000000006954304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63fb367f522c6b22022-01-05 10:01:06.098root 11241100x80000000000000006954305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e795816afebe28f72022-01-05 10:01:06.098root 11241100x80000000000000006954306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0491819fe3214b52022-01-05 10:01:06.098root 11241100x80000000000000006954307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d829067f523ada382022-01-05 10:01:06.098root 11241100x80000000000000006954308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbafea6c66aa9b052022-01-05 10:01:06.098root 11241100x80000000000000006954309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.098{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699040efab921d3e2022-01-05 10:01:06.098root 11241100x80000000000000006954310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.099{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd64f5a081107322022-01-05 10:01:06.099root 11241100x80000000000000006954311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.099{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7625eb8abc854a012022-01-05 10:01:06.099root 11241100x80000000000000006954312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7324713e640638b32022-01-05 10:01:06.460root 11241100x80000000000000006954313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929c25514e36c45c2022-01-05 10:01:06.460root 11241100x80000000000000006954314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c88dbf11e3502172022-01-05 10:01:06.460root 11241100x80000000000000006954315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ce49b921c96b1f2022-01-05 10:01:06.460root 11241100x80000000000000006954316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133540da05ba150c2022-01-05 10:01:06.461root 11241100x80000000000000006954317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e0366e677fbb152022-01-05 10:01:06.461root 11241100x80000000000000006954318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bd75f3d67088df2022-01-05 10:01:06.461root 11241100x80000000000000006954319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce4988d6b246a942022-01-05 10:01:06.461root 11241100x80000000000000006954320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30110884ee08184b2022-01-05 10:01:06.462root 11241100x80000000000000006954321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bd1281631027562022-01-05 10:01:06.462root 11241100x80000000000000006954322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f651eaedeaa010b2022-01-05 10:01:06.462root 11241100x80000000000000006954323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3def29916b109f2022-01-05 10:01:06.462root 11241100x80000000000000006954324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752bc323452c18452022-01-05 10:01:06.462root 11241100x80000000000000006954325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef585a0efa47181c2022-01-05 10:01:06.463root 11241100x80000000000000006954326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5558057c73f763a2022-01-05 10:01:06.463root 11241100x80000000000000006954327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d4623091ec5c942022-01-05 10:01:06.463root 11241100x80000000000000006954328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b24d2e7f96f790e2022-01-05 10:01:06.463root 11241100x80000000000000006954329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66dc01606a31b0f2022-01-05 10:01:06.463root 11241100x80000000000000006954330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa8b051e54b1b682022-01-05 10:01:06.463root 11241100x80000000000000006954331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06206d460bc0fd8c2022-01-05 10:01:06.463root 11241100x80000000000000006954332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcb0eaf5ccb30542022-01-05 10:01:06.463root 11241100x80000000000000006954333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223d2351afd5f5c12022-01-05 10:01:06.463root 11241100x80000000000000006954334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8737b9319d3c2c642022-01-05 10:01:06.463root 11241100x80000000000000006954335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96cc5f0192cacad2022-01-05 10:01:06.463root 11241100x80000000000000006954336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017871f469db86eb2022-01-05 10:01:06.959root 11241100x80000000000000006954337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055bb2a7b07f21de2022-01-05 10:01:06.959root 11241100x80000000000000006954338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d12133c97a76ff2022-01-05 10:01:06.959root 11241100x80000000000000006954339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8308797af4032cb52022-01-05 10:01:06.959root 11241100x80000000000000006954340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82fbebb7addf3842022-01-05 10:01:06.959root 11241100x80000000000000006954341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4603bd8db8a22f712022-01-05 10:01:06.959root 11241100x80000000000000006954342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c56dc9904a87ca92022-01-05 10:01:06.959root 11241100x80000000000000006954343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d14b3fc242d8932022-01-05 10:01:06.959root 11241100x80000000000000006954344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52737ba4084406c2022-01-05 10:01:06.960root 11241100x80000000000000006954345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c2bceadcbcc4cd2022-01-05 10:01:06.960root 11241100x80000000000000006954346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4b8d3e287236672022-01-05 10:01:06.960root 11241100x80000000000000006954347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eab2d15eb1e5e522022-01-05 10:01:06.960root 11241100x80000000000000006954348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089edc62935937562022-01-05 10:01:06.960root 11241100x80000000000000006954349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd2fbc46a4b79342022-01-05 10:01:06.960root 11241100x80000000000000006954350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680938138d814be52022-01-05 10:01:06.960root 11241100x80000000000000006954351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a934d143e2608e32022-01-05 10:01:06.960root 11241100x80000000000000006954352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4350c77d5546e09d2022-01-05 10:01:06.960root 11241100x80000000000000006954353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1e0307da76192d2022-01-05 10:01:06.961root 11241100x80000000000000006954354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1da7926379ee1b2022-01-05 10:01:06.961root 11241100x80000000000000006954355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916a81c4aaae4b542022-01-05 10:01:06.961root 11241100x80000000000000006954356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc280380f32e40f2022-01-05 10:01:06.961root 11241100x80000000000000006954357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f344c3cc6dd1d92022-01-05 10:01:06.961root 11241100x80000000000000006954358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc01a98c76c0e0e12022-01-05 10:01:06.961root 11241100x80000000000000006954359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0827d7cfbea3cf472022-01-05 10:01:06.961root 11241100x80000000000000006954360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f00d777edf2f772022-01-05 10:01:06.961root 11241100x80000000000000006954361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bc2517f35d88542022-01-05 10:01:06.961root 11241100x80000000000000006954362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7d9353e1d062af2022-01-05 10:01:06.961root 11241100x80000000000000006954363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3876fb78cdacee72022-01-05 10:01:06.961root 11241100x80000000000000006954364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce77cc6451eb58b2022-01-05 10:01:06.961root 11241100x80000000000000006954365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224a71c214a929312022-01-05 10:01:06.962root 11241100x80000000000000006954366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e48b4b78ff565c2022-01-05 10:01:06.962root 11241100x80000000000000006954367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acb2c9af7d8d90b2022-01-05 10:01:06.962root 11241100x80000000000000006954368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2597e9d4cdb89432022-01-05 10:01:06.962root 11241100x80000000000000006954369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a263b0134b1db1d32022-01-05 10:01:06.962root 11241100x80000000000000006954370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d73dab462146ff12022-01-05 10:01:06.962root 11241100x80000000000000006954371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e7d914c345d8832022-01-05 10:01:06.962root 11241100x80000000000000006954372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b72e9a6cca059a2022-01-05 10:01:06.962root 11241100x80000000000000006954373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151f3d584f035da82022-01-05 10:01:06.962root 11241100x80000000000000006954374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c68edf03f6075a42022-01-05 10:01:06.962root 11241100x80000000000000006954375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b93d8f912a37e22022-01-05 10:01:06.962root 11241100x80000000000000006954376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74807ee05316fb72022-01-05 10:01:06.962root 11241100x80000000000000006954377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:06.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a2f0f4266aced32022-01-05 10:01:06.962root 11241100x80000000000000006954378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bce02b51450dfdd2022-01-05 10:01:07.459root 11241100x80000000000000006954379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a135b43a90e124b2022-01-05 10:01:07.459root 11241100x80000000000000006954380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200798ae53184b9b2022-01-05 10:01:07.460root 11241100x80000000000000006954381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6b8c09314a36872022-01-05 10:01:07.460root 11241100x80000000000000006954382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44aae6020ad850962022-01-05 10:01:07.460root 11241100x80000000000000006954383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71771d1360fa1b8b2022-01-05 10:01:07.460root 11241100x80000000000000006954384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66baac43ff5539e2022-01-05 10:01:07.460root 11241100x80000000000000006954385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3cc4a13a5eb6cf2022-01-05 10:01:07.460root 11241100x80000000000000006954386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b51eee7f0473bf92022-01-05 10:01:07.460root 11241100x80000000000000006954387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7224522655bdd1fe2022-01-05 10:01:07.460root 11241100x80000000000000006954388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90463dd85ca4c6d02022-01-05 10:01:07.460root 11241100x80000000000000006954389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50807fd2fd1338e2022-01-05 10:01:07.460root 11241100x80000000000000006954390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2060994795fb15262022-01-05 10:01:07.460root 11241100x80000000000000006954391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6534ba5794722d72022-01-05 10:01:07.460root 11241100x80000000000000006954392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e89767e34c6a3c52022-01-05 10:01:07.460root 11241100x80000000000000006954393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67770153074ae8fc2022-01-05 10:01:07.461root 11241100x80000000000000006954394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1255bffdbe930442022-01-05 10:01:07.461root 11241100x80000000000000006954395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33ebbe1ea7e94282022-01-05 10:01:07.461root 11241100x80000000000000006954396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be966032945d7d92022-01-05 10:01:07.461root 11241100x80000000000000006954397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f75db6f6ced31612022-01-05 10:01:07.461root 11241100x80000000000000006954398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1f510d0742d65d2022-01-05 10:01:07.461root 11241100x80000000000000006954399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003f3f9fa30c32982022-01-05 10:01:07.461root 11241100x80000000000000006954400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bccb3cbb376c7f2022-01-05 10:01:07.461root 11241100x80000000000000006954401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a16f683c4fedff2022-01-05 10:01:07.461root 11241100x80000000000000006954402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd460b66d258f9b2022-01-05 10:01:07.461root 11241100x80000000000000006954403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d094a563e0dae7e2022-01-05 10:01:07.959root 11241100x80000000000000006954404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574fea6501a8e9b42022-01-05 10:01:07.959root 11241100x80000000000000006954405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3488d2674931bf2022-01-05 10:01:07.959root 11241100x80000000000000006954406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a876787669d76c2022-01-05 10:01:07.960root 11241100x80000000000000006954407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ceb6b2271bacbac2022-01-05 10:01:07.960root 11241100x80000000000000006954408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd71169745f1dce2022-01-05 10:01:07.960root 11241100x80000000000000006954409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318abbfe8b22009b2022-01-05 10:01:07.960root 11241100x80000000000000006954410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14235c526afddfb32022-01-05 10:01:07.960root 11241100x80000000000000006954411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245e646d874ad2312022-01-05 10:01:07.960root 11241100x80000000000000006954412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3b657783952f182022-01-05 10:01:07.960root 11241100x80000000000000006954413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518ea9de4fef82f52022-01-05 10:01:07.960root 11241100x80000000000000006954414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a169a97bbe0797f2022-01-05 10:01:07.960root 11241100x80000000000000006954415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292326551c15f9602022-01-05 10:01:07.960root 11241100x80000000000000006954416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb58cad829f3c462022-01-05 10:01:07.960root 11241100x80000000000000006954417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22b3734791b58502022-01-05 10:01:07.960root 11241100x80000000000000006954418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249ac78097751e4a2022-01-05 10:01:07.961root 11241100x80000000000000006954419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c7fc73fb523f802022-01-05 10:01:07.961root 11241100x80000000000000006954420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f784c85089fb3172022-01-05 10:01:07.961root 11241100x80000000000000006954421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5e53a0cf8252992022-01-05 10:01:07.961root 11241100x80000000000000006954422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab81ca0387d326ba2022-01-05 10:01:07.961root 11241100x80000000000000006954423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947211ab241928a32022-01-05 10:01:07.961root 11241100x80000000000000006954424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ba4764fd59a6c02022-01-05 10:01:07.961root 11241100x80000000000000006954425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c42f144bee84712022-01-05 10:01:07.962root 11241100x80000000000000006954426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012b7c87ef8d91f62022-01-05 10:01:07.962root 11241100x80000000000000006954427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:07.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4074b18f42e9b72022-01-05 10:01:07.962root 11241100x80000000000000006954428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c64059ee9ebe5272022-01-05 10:01:08.460root 11241100x80000000000000006954429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c4ac1f0cf302d72022-01-05 10:01:08.460root 11241100x80000000000000006954430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313bd3213f9fc82f2022-01-05 10:01:08.460root 11241100x80000000000000006954431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5bf449c2c245322022-01-05 10:01:08.460root 11241100x80000000000000006954432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be51fbe567dd57862022-01-05 10:01:08.460root 11241100x80000000000000006954433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a21238ad8278c82022-01-05 10:01:08.460root 11241100x80000000000000006954434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e535aa82842e62f02022-01-05 10:01:08.460root 11241100x80000000000000006954435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55c380108c559602022-01-05 10:01:08.460root 11241100x80000000000000006954436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c514189bf2bc12da2022-01-05 10:01:08.460root 11241100x80000000000000006954437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d60e81b57fc07382022-01-05 10:01:08.461root 11241100x80000000000000006954438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b161684ecc22627a2022-01-05 10:01:08.461root 11241100x80000000000000006954439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6e19e55e1a01322022-01-05 10:01:08.461root 11241100x80000000000000006954440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf47878c518d0be52022-01-05 10:01:08.461root 11241100x80000000000000006954441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9abee1ae9326302022-01-05 10:01:08.461root 11241100x80000000000000006954442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65dd9952402d14c2022-01-05 10:01:08.461root 11241100x80000000000000006954443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2277ca928db6cd952022-01-05 10:01:08.461root 11241100x80000000000000006954444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f53aac005fa0712022-01-05 10:01:08.461root 11241100x80000000000000006954445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972b67b86a00e3c72022-01-05 10:01:08.461root 11241100x80000000000000006954446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bb23c81adacdf22022-01-05 10:01:08.461root 11241100x80000000000000006954447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a7717216efcd592022-01-05 10:01:08.461root 11241100x80000000000000006954448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301e86fb0460a0a32022-01-05 10:01:08.461root 11241100x80000000000000006954449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e38c3b1d9160142022-01-05 10:01:08.461root 11241100x80000000000000006954450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc81df4014a03552022-01-05 10:01:08.461root 11241100x80000000000000006954451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24040cc0644abf642022-01-05 10:01:08.461root 11241100x80000000000000006954452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693048f5e8a0f5e02022-01-05 10:01:08.959root 11241100x80000000000000006954453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd294d7c5a06ba8b2022-01-05 10:01:08.959root 11241100x80000000000000006954454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522d2beb8b98ebf62022-01-05 10:01:08.959root 11241100x80000000000000006954455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c0f5cb04fb1a382022-01-05 10:01:08.959root 11241100x80000000000000006954456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c13de3983abd3a2022-01-05 10:01:08.959root 11241100x80000000000000006954457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907277878596fce52022-01-05 10:01:08.959root 11241100x80000000000000006954458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a1d287d6b6ab162022-01-05 10:01:08.960root 11241100x80000000000000006954459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bafc2b2a5a712362022-01-05 10:01:08.960root 11241100x80000000000000006954460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22a996eb84aa6392022-01-05 10:01:08.960root 11241100x80000000000000006954461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c77769e8dc4db92022-01-05 10:01:08.960root 11241100x80000000000000006954462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdf3153d7dc7adc2022-01-05 10:01:08.960root 11241100x80000000000000006954463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d048d41083581d042022-01-05 10:01:08.960root 11241100x80000000000000006954464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9715b1b0eaef75952022-01-05 10:01:08.960root 11241100x80000000000000006954465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b10277a84a985df2022-01-05 10:01:08.960root 11241100x80000000000000006954466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6764a3dc37b739da2022-01-05 10:01:08.960root 11241100x80000000000000006954467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b901ab6a6c5029632022-01-05 10:01:08.960root 11241100x80000000000000006954468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682b69db729e37dd2022-01-05 10:01:08.960root 11241100x80000000000000006954469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4b944f6591631b2022-01-05 10:01:08.960root 11241100x80000000000000006954470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78b55ec6c82e8942022-01-05 10:01:08.960root 11241100x80000000000000006954471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7065dc0d91269b42022-01-05 10:01:08.961root 11241100x80000000000000006954472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66808114e4b54262022-01-05 10:01:08.961root 11241100x80000000000000006954473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e3a9ad9fa7ecef2022-01-05 10:01:08.961root 11241100x80000000000000006954474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a970dfaaedfee15a2022-01-05 10:01:08.961root 11241100x80000000000000006954475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b33ec0f5c3557c22022-01-05 10:01:08.961root 11241100x80000000000000006954476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b8559636410bae2022-01-05 10:01:08.961root 11241100x80000000000000006954477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea096b2d18b1d3772022-01-05 10:01:08.961root 11241100x80000000000000006954478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c515da96cfba112022-01-05 10:01:08.961root 11241100x80000000000000006954479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5f6e15516f93382022-01-05 10:01:08.961root 11241100x80000000000000006954480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a717f98f03e8a55a2022-01-05 10:01:08.961root 11241100x80000000000000006954481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4dce6b0d6ada432022-01-05 10:01:08.962root 11241100x80000000000000006954482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab64a7e96b9db6e2022-01-05 10:01:08.962root 11241100x80000000000000006954483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46432394f0c2c232022-01-05 10:01:08.962root 11241100x80000000000000006954484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5affb9956a7f752022-01-05 10:01:08.962root 11241100x80000000000000006954485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1981545cf033bcf72022-01-05 10:01:08.962root 11241100x80000000000000006954486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce1c942770793472022-01-05 10:01:08.962root 11241100x80000000000000006954487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56ea8824075e24d2022-01-05 10:01:08.962root 11241100x80000000000000006954488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d397e31da15d42b2022-01-05 10:01:08.962root 11241100x80000000000000006954489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e04c6840e32c91a2022-01-05 10:01:08.962root 11241100x80000000000000006954490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867f3e653d6a0fd52022-01-05 10:01:08.963root 11241100x80000000000000006954491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469319ae1b9f7a992022-01-05 10:01:08.963root 11241100x80000000000000006954492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60502c7bc887b32f2022-01-05 10:01:08.963root 11241100x80000000000000006954493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac41b9a7fb190bd02022-01-05 10:01:08.963root 11241100x80000000000000006954494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8113fa1c9fb868882022-01-05 10:01:08.963root 11241100x80000000000000006954495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e52e5696e211c52022-01-05 10:01:08.963root 11241100x80000000000000006954496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec3c3fecc96f4e02022-01-05 10:01:08.963root 11241100x80000000000000006954497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a36fe6de2b85642022-01-05 10:01:08.963root 11241100x80000000000000006954498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e3e139840968e42022-01-05 10:01:08.963root 11241100x80000000000000006954499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcc2c34d82967ff2022-01-05 10:01:08.963root 11241100x80000000000000006954500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cbd8c517e1f8012022-01-05 10:01:08.963root 11241100x80000000000000006954501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c02a986dc7d8012022-01-05 10:01:08.964root 11241100x80000000000000006954502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cb34f99f8e272d2022-01-05 10:01:08.964root 11241100x80000000000000006954503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:08.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2077008474041d462022-01-05 10:01:08.964root 11241100x80000000000000006954504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce08331889fa1dda2022-01-05 10:01:09.459root 11241100x80000000000000006954505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecda4558551a1be2022-01-05 10:01:09.459root 11241100x80000000000000006954506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6032d3da23029a2022-01-05 10:01:09.459root 11241100x80000000000000006954507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adab908eafff66bf2022-01-05 10:01:09.459root 11241100x80000000000000006954508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0708cf81456d3f62022-01-05 10:01:09.459root 11241100x80000000000000006954509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd15138305f45702022-01-05 10:01:09.459root 11241100x80000000000000006954510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6b55ae99bd61322022-01-05 10:01:09.460root 11241100x80000000000000006954511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76dda91377f5fbe2022-01-05 10:01:09.460root 11241100x80000000000000006954512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313933f7268c67ce2022-01-05 10:01:09.460root 11241100x80000000000000006954513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39d3158541caed32022-01-05 10:01:09.460root 11241100x80000000000000006954514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c3ba3d914e99902022-01-05 10:01:09.460root 11241100x80000000000000006954515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5baebd53bca681c2022-01-05 10:01:09.460root 11241100x80000000000000006954516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd3eb2b6e4a816e2022-01-05 10:01:09.460root 11241100x80000000000000006954517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158396d9fae32cab2022-01-05 10:01:09.461root 11241100x80000000000000006954518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c638b8fae1aca16a2022-01-05 10:01:09.461root 11241100x80000000000000006954519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08371733e1ab0732022-01-05 10:01:09.461root 11241100x80000000000000006954520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70baee7975c61c092022-01-05 10:01:09.461root 11241100x80000000000000006954521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390d3cb81abb3e5b2022-01-05 10:01:09.461root 11241100x80000000000000006954522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de71d6b7fd9b46d2022-01-05 10:01:09.461root 11241100x80000000000000006954523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56531ace3c5acae92022-01-05 10:01:09.461root 11241100x80000000000000006954524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f2141c55ca05902022-01-05 10:01:09.461root 11241100x80000000000000006954525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d434599fab11de2022-01-05 10:01:09.461root 11241100x80000000000000006954526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1c8aa2d083326a2022-01-05 10:01:09.461root 11241100x80000000000000006954527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c55b1eda3653af2022-01-05 10:01:09.462root 11241100x80000000000000006954528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463e785d97f906462022-01-05 10:01:09.462root 11241100x80000000000000006954529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1ae0536176ac512022-01-05 10:01:09.462root 11241100x80000000000000006954530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c650ac08b092672c2022-01-05 10:01:09.462root 11241100x80000000000000006954531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276f16df567568572022-01-05 10:01:09.959root 11241100x80000000000000006954532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaba5797104e9a972022-01-05 10:01:09.959root 11241100x80000000000000006954533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ce4faa5274274e2022-01-05 10:01:09.959root 11241100x80000000000000006954534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b67bc1f46805db12022-01-05 10:01:09.960root 11241100x80000000000000006954535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645d14704e9852532022-01-05 10:01:09.960root 11241100x80000000000000006954536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe979cfa94d70ce2022-01-05 10:01:09.960root 11241100x80000000000000006954537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8bfde4e0125a062022-01-05 10:01:09.960root 11241100x80000000000000006954538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146842a4e22a20932022-01-05 10:01:09.960root 11241100x80000000000000006954539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b35b8bdd4e8f5b2022-01-05 10:01:09.960root 11241100x80000000000000006954540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42b0713b56003472022-01-05 10:01:09.960root 11241100x80000000000000006954541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eceacaa908f90c02022-01-05 10:01:09.960root 11241100x80000000000000006954542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1422721a76f93c002022-01-05 10:01:09.960root 11241100x80000000000000006954543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f16ef0f8a8c7072022-01-05 10:01:09.960root 11241100x80000000000000006954544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12716369fedbb8602022-01-05 10:01:09.960root 11241100x80000000000000006954545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b551c74230740fdd2022-01-05 10:01:09.960root 11241100x80000000000000006954546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4d8e27da44cf8e2022-01-05 10:01:09.960root 11241100x80000000000000006954547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6426c965ebbc072022-01-05 10:01:09.960root 11241100x80000000000000006954548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1bb6f07a29c1912022-01-05 10:01:09.960root 11241100x80000000000000006954549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384a7409e73274502022-01-05 10:01:09.961root 11241100x80000000000000006954550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9925ebc1ba920a2022-01-05 10:01:09.961root 11241100x80000000000000006954551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd68f459f4fed5312022-01-05 10:01:09.961root 11241100x80000000000000006954552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a4d0b59f36d98b2022-01-05 10:01:09.961root 11241100x80000000000000006954553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e47713a66a7e8d2022-01-05 10:01:09.961root 11241100x80000000000000006954554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf1966c25dcada02022-01-05 10:01:09.961root 11241100x80000000000000006954555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:09.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4186e4531eeea09a2022-01-05 10:01:09.961root 11241100x80000000000000006954556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caca0344d89a672e2022-01-05 10:01:10.459root 11241100x80000000000000006954557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f739e8074259d5e52022-01-05 10:01:10.459root 11241100x80000000000000006954558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036a089b78b3d5522022-01-05 10:01:10.459root 11241100x80000000000000006954559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342ea17e33ca4a1a2022-01-05 10:01:10.459root 11241100x80000000000000006954560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a45d2006b3f74b2022-01-05 10:01:10.459root 11241100x80000000000000006954561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72c816d3b16e41c2022-01-05 10:01:10.459root 11241100x80000000000000006954562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b546562e8c707bd2022-01-05 10:01:10.460root 11241100x80000000000000006954563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df217283877746e2022-01-05 10:01:10.460root 11241100x80000000000000006954564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438c56e17a1ea65c2022-01-05 10:01:10.460root 11241100x80000000000000006954565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99b715eed8fe6fe2022-01-05 10:01:10.460root 11241100x80000000000000006954566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269db4e44af451de2022-01-05 10:01:10.460root 11241100x80000000000000006954567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e8707cc74194562022-01-05 10:01:10.460root 11241100x80000000000000006954568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec1e75dda0843452022-01-05 10:01:10.460root 11241100x80000000000000006954569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669950db0990b6fd2022-01-05 10:01:10.460root 11241100x80000000000000006954570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d8894b918e63fd2022-01-05 10:01:10.460root 11241100x80000000000000006954571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7325840526ec0aff2022-01-05 10:01:10.460root 11241100x80000000000000006954572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d313eaf26847002022-01-05 10:01:10.460root 11241100x80000000000000006954573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a82e00fcaa8d3e72022-01-05 10:01:10.460root 11241100x80000000000000006954574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48167f4b5039ac12022-01-05 10:01:10.460root 11241100x80000000000000006954575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac00db210ff2fbe82022-01-05 10:01:10.461root 11241100x80000000000000006954576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5dea68abfcc7102022-01-05 10:01:10.461root 11241100x80000000000000006954577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c74a6f9558296d02022-01-05 10:01:10.461root 11241100x80000000000000006954578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a59c6c24619eff62022-01-05 10:01:10.461root 11241100x80000000000000006954579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50af857c706007222022-01-05 10:01:10.461root 11241100x80000000000000006954580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd873cfda34e8902022-01-05 10:01:10.462root 11241100x80000000000000006954581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e507719c1958882022-01-05 10:01:10.462root 11241100x80000000000000006954582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a14866f899a46b82022-01-05 10:01:10.462root 11241100x80000000000000006954583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74eb71418a00e5e02022-01-05 10:01:10.462root 11241100x80000000000000006954584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff22b0de51f13c712022-01-05 10:01:10.462root 11241100x80000000000000006954585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b696ada0e6f66e2022-01-05 10:01:10.959root 11241100x80000000000000006954586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba52e092a784856e2022-01-05 10:01:10.959root 11241100x80000000000000006954587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3dbc4da443bb8352022-01-05 10:01:10.959root 11241100x80000000000000006954588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db96b0b79e3b9602022-01-05 10:01:10.959root 11241100x80000000000000006954589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc4a0e3f75aa10e2022-01-05 10:01:10.959root 11241100x80000000000000006954590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a103c900673e973d2022-01-05 10:01:10.960root 11241100x80000000000000006954591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8647630350c901f2022-01-05 10:01:10.960root 11241100x80000000000000006954592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d9706f995b6a052022-01-05 10:01:10.960root 11241100x80000000000000006954593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b040118a6796442022-01-05 10:01:10.960root 11241100x80000000000000006954594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7987ccc8e0f1939e2022-01-05 10:01:10.960root 11241100x80000000000000006954595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f2837887951c3c2022-01-05 10:01:10.960root 11241100x80000000000000006954596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581ed80d410011022022-01-05 10:01:10.960root 11241100x80000000000000006954597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2548a8032dca76102022-01-05 10:01:10.961root 11241100x80000000000000006954598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c4f848018233952022-01-05 10:01:10.961root 11241100x80000000000000006954599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14dd6fd684e4ccfd2022-01-05 10:01:10.961root 11241100x80000000000000006954600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d409e67a4983f7fb2022-01-05 10:01:10.961root 11241100x80000000000000006954601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6723c584445f66802022-01-05 10:01:10.961root 11241100x80000000000000006954602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49960172a4b1d9c2022-01-05 10:01:10.961root 11241100x80000000000000006954603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4710da63d3c585db2022-01-05 10:01:10.961root 11241100x80000000000000006954604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be240fe3251d03c42022-01-05 10:01:10.961root 11241100x80000000000000006954605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a4923cef0f9df52022-01-05 10:01:10.961root 11241100x80000000000000006954606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a012828ea3f74ee2022-01-05 10:01:10.961root 11241100x80000000000000006954607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b193b6c6de4c34162022-01-05 10:01:10.962root 11241100x80000000000000006954608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21e8fea7969b8c02022-01-05 10:01:10.962root 11241100x80000000000000006954609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4276ef77fa697aa2022-01-05 10:01:10.962root 11241100x80000000000000006954610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5014c77d397386762022-01-05 10:01:10.962root 11241100x80000000000000006954611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0907b4e10be875c62022-01-05 10:01:10.962root 11241100x80000000000000006954612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7fb6456e4ef8ce2022-01-05 10:01:10.962root 11241100x80000000000000006954613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bea59e3cce3e422022-01-05 10:01:10.962root 11241100x80000000000000006954614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce987d3c9e7224bd2022-01-05 10:01:10.962root 11241100x80000000000000006954615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847824b2c60ccc572022-01-05 10:01:10.962root 11241100x80000000000000006954616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d2eed16d7198c02022-01-05 10:01:10.962root 11241100x80000000000000006954617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d957b5971fe544682022-01-05 10:01:10.962root 11241100x80000000000000006954618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b935ae0044a62f2022-01-05 10:01:10.962root 11241100x80000000000000006954619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d87c1e39317eb52022-01-05 10:01:10.963root 11241100x80000000000000006954620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e9f84fcc1a555a2022-01-05 10:01:10.963root 11241100x80000000000000006954621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ed12acab6ac2bb2022-01-05 10:01:10.963root 11241100x80000000000000006954622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c5f4c4ffb71cd52022-01-05 10:01:10.963root 11241100x80000000000000006954623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ecb01200f05db82022-01-05 10:01:10.963root 11241100x80000000000000006954624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbd64e0cdfe98122022-01-05 10:01:10.963root 11241100x80000000000000006954625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2a139621ba362d2022-01-05 10:01:10.963root 11241100x80000000000000006954626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf55b579a73b050e2022-01-05 10:01:10.963root 11241100x80000000000000006954627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a4e6c8a98867e92022-01-05 10:01:10.963root 11241100x80000000000000006954628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3935cebbacf50a2022-01-05 10:01:10.963root 11241100x80000000000000006954629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb9ca63c1c48fa42022-01-05 10:01:10.963root 11241100x80000000000000006954630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20a85ba8b303a8c2022-01-05 10:01:10.963root 11241100x80000000000000006954631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4adeb4547a8e6e02022-01-05 10:01:10.964root 11241100x80000000000000006954632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391735cb734bac2b2022-01-05 10:01:10.964root 11241100x80000000000000006954633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5f3cd22d83fa092022-01-05 10:01:10.964root 11241100x80000000000000006954634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcc1fe4df7713722022-01-05 10:01:10.964root 11241100x80000000000000006954635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7870626b204cb4c22022-01-05 10:01:10.964root 11241100x80000000000000006954636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35df82441ff65f112022-01-05 10:01:10.964root 11241100x80000000000000006954637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356e11d9cb64553f2022-01-05 10:01:10.964root 11241100x80000000000000006954638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6d371a4189f88c2022-01-05 10:01:10.964root 11241100x80000000000000006954639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8c8ca1a4b07f9c2022-01-05 10:01:10.964root 11241100x80000000000000006954640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f09f87e481331d52022-01-05 10:01:10.964root 11241100x80000000000000006954641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b53f556546b48112022-01-05 10:01:10.964root 11241100x80000000000000006954642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4da79d2febc61f2022-01-05 10:01:10.964root 11241100x80000000000000006954643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afb6b9d798b0fa12022-01-05 10:01:10.965root 11241100x80000000000000006954644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc209954f58e35e2022-01-05 10:01:10.965root 11241100x80000000000000006954645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93af83d305d12dea2022-01-05 10:01:10.965root 11241100x80000000000000006954646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1decb7b8367d17c02022-01-05 10:01:10.965root 11241100x80000000000000006954647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e65296fe4c58c72022-01-05 10:01:10.965root 11241100x80000000000000006954648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc67c85df4d68002022-01-05 10:01:10.965root 11241100x80000000000000006954649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fc298cd2bbfdde2022-01-05 10:01:10.965root 11241100x80000000000000006954650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068ef292e9d0b8902022-01-05 10:01:10.965root 11241100x80000000000000006954651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639a57368e623adf2022-01-05 10:01:10.966root 11241100x80000000000000006954652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45334077007ded12022-01-05 10:01:10.966root 11241100x80000000000000006954653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1b6f737ef753042022-01-05 10:01:10.967root 11241100x80000000000000006954654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3bd8028c43e0e42022-01-05 10:01:10.967root 11241100x80000000000000006954655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164e0d01d5f16a152022-01-05 10:01:10.967root 11241100x80000000000000006954656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9405596aa4a4fdd02022-01-05 10:01:10.967root 11241100x80000000000000006954657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d486cf2f4b19c8692022-01-05 10:01:10.967root 11241100x80000000000000006954658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68e9e71b63cf2ad2022-01-05 10:01:10.967root 11241100x80000000000000006954659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.badd9294ced23dc32022-01-05 10:01:10.967root 11241100x80000000000000006954660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c0ebde885e3f262022-01-05 10:01:10.967root 11241100x80000000000000006954661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a704677e116bb4472022-01-05 10:01:10.967root 11241100x80000000000000006954662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f30faf715ae8442022-01-05 10:01:10.967root 11241100x80000000000000006954663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361c9bc5be1cf09d2022-01-05 10:01:10.967root 11241100x80000000000000006954664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.971{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d5bee7e85be2212022-01-05 10:01:10.971root 11241100x80000000000000006954665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.971{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72134ae1aa9ef7ed2022-01-05 10:01:10.971root 11241100x80000000000000006954666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.971{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816c78ef3580ca9a2022-01-05 10:01:10.971root 11241100x80000000000000006954667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.971{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030f38af9cfea7762022-01-05 10:01:10.971root 11241100x80000000000000006954668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.971{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41933074c94726ce2022-01-05 10:01:10.971root 11241100x80000000000000006954669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.971{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadb82e9212ef77c2022-01-05 10:01:10.971root 11241100x80000000000000006954670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.971{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3174a6080a30ed2022-01-05 10:01:10.971root 11241100x80000000000000006954671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaedc6a461a9d17d2022-01-05 10:01:10.972root 11241100x80000000000000006954672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.972{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f8d765866027932022-01-05 10:01:10.972root 11241100x80000000000000006954673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeea26eaf10b9c652022-01-05 10:01:10.973root 11241100x80000000000000006954674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99167ab0f506bb22022-01-05 10:01:10.973root 11241100x80000000000000006954675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee88a5d334fd382c2022-01-05 10:01:10.973root 11241100x80000000000000006954676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d42b556988b98132022-01-05 10:01:10.973root 11241100x80000000000000006954677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.973{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba9a71859464c6d2022-01-05 10:01:10.973root 11241100x80000000000000006954678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.974{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04cbb3439d01bab2022-01-05 10:01:10.974root 11241100x80000000000000006954679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.976{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba77b18e71c3f632022-01-05 10:01:10.976root 11241100x80000000000000006954680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.976{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de4137211c49eaa2022-01-05 10:01:10.976root 11241100x80000000000000006954681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.976{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07aa234c07dfa6fa2022-01-05 10:01:10.976root 11241100x80000000000000006954682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.978{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0b886c28e4706e2022-01-05 10:01:10.978root 11241100x80000000000000006954683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.979{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205b394b22557c1c2022-01-05 10:01:10.979root 11241100x80000000000000006954684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.979{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524756469533d5a72022-01-05 10:01:10.979root 11241100x80000000000000006954685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.979{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce0178ee37a26722022-01-05 10:01:10.979root 11241100x80000000000000006954686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.979{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47639b0774613be72022-01-05 10:01:10.979root 11241100x80000000000000006954687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.979{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb6a5f46c1349ad2022-01-05 10:01:10.979root 11241100x80000000000000006954688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.979{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7134889b6f211712022-01-05 10:01:10.979root 11241100x80000000000000006954689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.979{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730d095019405feb2022-01-05 10:01:10.979root 11241100x80000000000000006954690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.979{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bff8785899170e2022-01-05 10:01:10.979root 11241100x80000000000000006954691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.980{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939f170b324582502022-01-05 10:01:10.980root 11241100x80000000000000006954692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.980{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d466188942f0ba2022-01-05 10:01:10.980root 11241100x80000000000000006954693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.980{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827c1320abb4f8612022-01-05 10:01:10.980root 11241100x80000000000000006954694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.980{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f400f975cd9278b2022-01-05 10:01:10.980root 11241100x80000000000000006954695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.980{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122ed46099ac378d2022-01-05 10:01:10.980root 11241100x80000000000000006954696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.980{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd41d309c2a5164b2022-01-05 10:01:10.980root 11241100x80000000000000006954697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.981{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78ec0bc60ee71e32022-01-05 10:01:10.981root 11241100x80000000000000006954698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.981{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79963c7133697ed92022-01-05 10:01:10.981root 11241100x80000000000000006954699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.981{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9fce167daf70a42022-01-05 10:01:10.981root 11241100x80000000000000006954700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.981{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fbe9de6c72e9982022-01-05 10:01:10.981root 11241100x80000000000000006954701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.981{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801572ea8b525c0c2022-01-05 10:01:10.981root 11241100x80000000000000006954702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.981{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f53ea3b3cef6dbb2022-01-05 10:01:10.981root 11241100x80000000000000006954703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.981{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7774a678102f1ee62022-01-05 10:01:10.981root 11241100x80000000000000006954704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.982{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daddf5a969bbff942022-01-05 10:01:10.982root 11241100x80000000000000006954705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:10.982{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76ad5fcac4fceb12022-01-05 10:01:10.982root 354300x80000000000000006954706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.230{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41678-false10.0.1.12-8000- 11241100x80000000000000006954707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c72b545646b435c2022-01-05 10:01:11.231root 11241100x80000000000000006954708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6161e7e5b33e6b902022-01-05 10:01:11.231root 11241100x80000000000000006954709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23de703f0bd7f7762022-01-05 10:01:11.231root 11241100x80000000000000006954710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40530e90da3fce6c2022-01-05 10:01:11.231root 11241100x80000000000000006954711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc4f26d34f0d3592022-01-05 10:01:11.231root 11241100x80000000000000006954712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859cfff03d3b59b32022-01-05 10:01:11.231root 11241100x80000000000000006954713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050c031bb410b0a92022-01-05 10:01:11.231root 11241100x80000000000000006954714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.231{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca5f66552e4076c2022-01-05 10:01:11.231root 11241100x80000000000000006954715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee461c57c56728962022-01-05 10:01:11.232root 11241100x80000000000000006954716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd15e85dc33af992022-01-05 10:01:11.232root 11241100x80000000000000006954717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f9343aeaa3a3752022-01-05 10:01:11.232root 11241100x80000000000000006954718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2dcfb1a22a22a22022-01-05 10:01:11.232root 11241100x80000000000000006954719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff58e1c09343e6a42022-01-05 10:01:11.232root 11241100x80000000000000006954720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0895c3f25dd0622022-01-05 10:01:11.232root 11241100x80000000000000006954721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbf7a424ac2eea02022-01-05 10:01:11.232root 11241100x80000000000000006954722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.232{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b809545a4a5d2122022-01-05 10:01:11.232root 11241100x80000000000000006954723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34850594ab3cf0652022-01-05 10:01:11.233root 11241100x80000000000000006954724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8739bb843049f7422022-01-05 10:01:11.233root 11241100x80000000000000006954725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb522e5ee8aca602022-01-05 10:01:11.233root 11241100x80000000000000006954726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0813b29b3eb3c0592022-01-05 10:01:11.233root 11241100x80000000000000006954727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.233{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4021c374437806ce2022-01-05 10:01:11.233root 11241100x80000000000000006954728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb0bce0408c0df652022-01-05 10:01:11.234root 11241100x80000000000000006954729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781924e8c606d6b62022-01-05 10:01:11.234root 11241100x80000000000000006954730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.234{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60776ee834ddf762022-01-05 10:01:11.234root 11241100x80000000000000006954731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ead668ff2725dc2022-01-05 10:01:11.235root 11241100x80000000000000006954732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebd89c2ff5117672022-01-05 10:01:11.235root 11241100x80000000000000006954733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a7c52792c7ccb72022-01-05 10:01:11.235root 11241100x80000000000000006954734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7f5325d865fcc12022-01-05 10:01:11.235root 11241100x80000000000000006954735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb5af4837163e562022-01-05 10:01:11.235root 11241100x80000000000000006954736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.235{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721f6d024b7cd5e12022-01-05 10:01:11.235root 11241100x80000000000000006954737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.236{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd0d4712829a5432022-01-05 10:01:11.236root 11241100x80000000000000006954738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.236{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e1ea817aaed9b52022-01-05 10:01:11.236root 11241100x80000000000000006954739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.236{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074215261a9f9ae22022-01-05 10:01:11.236root 11241100x80000000000000006954740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81931d69fbf9723d2022-01-05 10:01:11.710root 11241100x80000000000000006954741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7258a3bc00d0f6c22022-01-05 10:01:11.710root 11241100x80000000000000006954742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc84a1c0234752f2022-01-05 10:01:11.710root 11241100x80000000000000006954743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08981c04203153aa2022-01-05 10:01:11.710root 11241100x80000000000000006954744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49a43f92f634ed22022-01-05 10:01:11.710root 11241100x80000000000000006954745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdf3da2cfae02f22022-01-05 10:01:11.710root 11241100x80000000000000006954746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff82ef434ed56d92022-01-05 10:01:11.710root 11241100x80000000000000006954747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f195e402b60386ed2022-01-05 10:01:11.710root 11241100x80000000000000006954748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d1616451aa0f702022-01-05 10:01:11.710root 11241100x80000000000000006954749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6262ec05e326e2b92022-01-05 10:01:11.710root 11241100x80000000000000006954750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933601cf7580841c2022-01-05 10:01:11.710root 11241100x80000000000000006954751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c844de41aa09b3c62022-01-05 10:01:11.710root 11241100x80000000000000006954752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31a9acff948b1912022-01-05 10:01:11.710root 11241100x80000000000000006954753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c559fefa311362282022-01-05 10:01:11.711root 11241100x80000000000000006954754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09710ee7f5b84c372022-01-05 10:01:11.711root 11241100x80000000000000006954755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b50e1e64905059c2022-01-05 10:01:11.711root 11241100x80000000000000006954756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede25148b10a44232022-01-05 10:01:11.711root 11241100x80000000000000006954757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d786d29173ca02582022-01-05 10:01:11.711root 11241100x80000000000000006954758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd663a9fec6045172022-01-05 10:01:11.711root 11241100x80000000000000006954759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd7fc0115bd74472022-01-05 10:01:11.711root 11241100x80000000000000006954760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0cc0afb8eb42812022-01-05 10:01:11.711root 11241100x80000000000000006954761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bde9963bc6b26e2022-01-05 10:01:11.711root 11241100x80000000000000006954762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d83d8aaf47a2202022-01-05 10:01:11.711root 11241100x80000000000000006954763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88192db8727750cc2022-01-05 10:01:11.711root 11241100x80000000000000006954764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:11.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f34c5621c8d7ba62022-01-05 10:01:11.711root 11241100x80000000000000006954765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf6cff607e0a9e82022-01-05 10:01:12.210root 11241100x80000000000000006954766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abb4a68025293f32022-01-05 10:01:12.210root 11241100x80000000000000006954767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d304ea735f995b02022-01-05 10:01:12.210root 11241100x80000000000000006954768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12a1f87862ef8422022-01-05 10:01:12.210root 11241100x80000000000000006954769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b2e7f958b34ef12022-01-05 10:01:12.211root 11241100x80000000000000006954770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4d43636901da3f2022-01-05 10:01:12.211root 11241100x80000000000000006954771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85699030375acd22022-01-05 10:01:12.211root 11241100x80000000000000006954772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc53d55b31dd30482022-01-05 10:01:12.211root 11241100x80000000000000006954773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3eff489a932d3f2022-01-05 10:01:12.211root 11241100x80000000000000006954774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a23b7122c4400e2022-01-05 10:01:12.211root 11241100x80000000000000006954775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b2d25c676c3e972022-01-05 10:01:12.211root 11241100x80000000000000006954776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b685bd4d8f8d85c2022-01-05 10:01:12.211root 11241100x80000000000000006954777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbea44904147ff72022-01-05 10:01:12.211root 11241100x80000000000000006954778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52c988ea6b5b4222022-01-05 10:01:12.211root 11241100x80000000000000006954779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731f4f777091f77c2022-01-05 10:01:12.211root 11241100x80000000000000006954780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80d99bdeca00f752022-01-05 10:01:12.212root 11241100x80000000000000006954781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b2c839557dc3c72022-01-05 10:01:12.212root 11241100x80000000000000006954782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c0b8d24dde5aee2022-01-05 10:01:12.212root 11241100x80000000000000006954783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d9692f079a0a1f2022-01-05 10:01:12.212root 11241100x80000000000000006954784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c72351bb74cadf72022-01-05 10:01:12.212root 11241100x80000000000000006954785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886a305b9f940e522022-01-05 10:01:12.212root 11241100x80000000000000006954786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c312c9fdcf98442022-01-05 10:01:12.212root 11241100x80000000000000006954787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a892c6c0aa29ba82022-01-05 10:01:12.212root 11241100x80000000000000006954788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1c8bc93ed061e32022-01-05 10:01:12.212root 11241100x80000000000000006954789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e7d2337b4ad0d82022-01-05 10:01:12.212root 11241100x80000000000000006954790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f65cd6fe501fbd62022-01-05 10:01:12.709root 11241100x80000000000000006954791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddb7f06f43750b22022-01-05 10:01:12.709root 11241100x80000000000000006954792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75f42800e8fb63f2022-01-05 10:01:12.709root 11241100x80000000000000006954793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30741c028d51cca12022-01-05 10:01:12.709root 11241100x80000000000000006954794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c898f195cbb78f0f2022-01-05 10:01:12.709root 11241100x80000000000000006954795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0fcc35151ed7952022-01-05 10:01:12.709root 11241100x80000000000000006954796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382c2a46ca85428e2022-01-05 10:01:12.710root 11241100x80000000000000006954797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dadb69d82e4703e2022-01-05 10:01:12.710root 11241100x80000000000000006954798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f0e0425f402e872022-01-05 10:01:12.710root 11241100x80000000000000006954799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ebb5ca5f10fbdb2022-01-05 10:01:12.710root 11241100x80000000000000006954800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e8a955819162b92022-01-05 10:01:12.710root 11241100x80000000000000006954801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0557c5679d03c22022-01-05 10:01:12.710root 11241100x80000000000000006954802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3ca3e5db0cd2202022-01-05 10:01:12.710root 11241100x80000000000000006954803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9166447baf5bdcf02022-01-05 10:01:12.710root 11241100x80000000000000006954804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65c1399664b0f8b2022-01-05 10:01:12.710root 11241100x80000000000000006954805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15087aad6df9e3782022-01-05 10:01:12.710root 11241100x80000000000000006954806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5aaf48c30c318cd2022-01-05 10:01:12.710root 11241100x80000000000000006954807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133c6908584cfab02022-01-05 10:01:12.712root 11241100x80000000000000006954808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cb544f8e0f69892022-01-05 10:01:12.712root 11241100x80000000000000006954809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2a482c096fac702022-01-05 10:01:12.712root 11241100x80000000000000006954810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a7c1f0c97c5a1d2022-01-05 10:01:12.712root 11241100x80000000000000006954811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e1a327d6fa2d012022-01-05 10:01:12.713root 11241100x80000000000000006954812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c372c68d00c31832022-01-05 10:01:12.713root 11241100x80000000000000006954813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01fe15db63ad23c2022-01-05 10:01:12.713root 11241100x80000000000000006954814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6d30038250ef522022-01-05 10:01:12.713root 11241100x80000000000000006954815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb890ba9be28a282022-01-05 10:01:12.713root 11241100x80000000000000006954816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501f5c7a27238e192022-01-05 10:01:12.713root 11241100x80000000000000006954817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff40af4bc6309322022-01-05 10:01:12.713root 11241100x80000000000000006954818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:12.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7450b7403af972342022-01-05 10:01:12.713root 11241100x80000000000000006954819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95067731f09c1772022-01-05 10:01:13.209root 11241100x80000000000000006954820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f93b1d82742fb32022-01-05 10:01:13.209root 11241100x80000000000000006954821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdb5028087a63c02022-01-05 10:01:13.210root 11241100x80000000000000006954822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc8a6c4348ceb822022-01-05 10:01:13.210root 11241100x80000000000000006954823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eae13a0645368782022-01-05 10:01:13.210root 11241100x80000000000000006954824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a7e6b5935e32222022-01-05 10:01:13.210root 11241100x80000000000000006954825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11396ae589438e72022-01-05 10:01:13.210root 11241100x80000000000000006954826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fd1bcbfc473e342022-01-05 10:01:13.210root 11241100x80000000000000006954827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272a262f0bb3a6ed2022-01-05 10:01:13.210root 11241100x80000000000000006954828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105dc40622d915582022-01-05 10:01:13.210root 11241100x80000000000000006954829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44223d62831c52692022-01-05 10:01:13.210root 11241100x80000000000000006954830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536804f1a50b41f32022-01-05 10:01:13.210root 11241100x80000000000000006954831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5ddaea5d2796f92022-01-05 10:01:13.210root 11241100x80000000000000006954832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1890e4a3e1bef02022-01-05 10:01:13.210root 11241100x80000000000000006954833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c5007900bb2b262022-01-05 10:01:13.210root 11241100x80000000000000006954834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9a088149e9c02f2022-01-05 10:01:13.210root 11241100x80000000000000006954835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0446fedc16992bcb2022-01-05 10:01:13.211root 11241100x80000000000000006954836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f086050b1437842022-01-05 10:01:13.211root 11241100x80000000000000006954837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a2a1d18d7ee92d2022-01-05 10:01:13.211root 11241100x80000000000000006954838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891290b5bdc48dd12022-01-05 10:01:13.211root 11241100x80000000000000006954839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fe1c6024baefac2022-01-05 10:01:13.211root 11241100x80000000000000006954840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37b44648cccedf02022-01-05 10:01:13.211root 11241100x80000000000000006954841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09860ba9ce00930f2022-01-05 10:01:13.211root 11241100x80000000000000006954842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5141f4bf8462f612022-01-05 10:01:13.211root 11241100x80000000000000006954843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cdc2bce25c3b002022-01-05 10:01:13.211root 11241100x80000000000000006954844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c41ebc2bec9944f2022-01-05 10:01:13.211root 11241100x80000000000000006954845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323d55ea3e88d1902022-01-05 10:01:13.211root 11241100x80000000000000006954846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4b4e1ca1fd03862022-01-05 10:01:13.709root 11241100x80000000000000006954847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40875bd6cdd1bb0a2022-01-05 10:01:13.709root 11241100x80000000000000006954848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f5f184266189eb2022-01-05 10:01:13.709root 11241100x80000000000000006954849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b6ebc25fda449c2022-01-05 10:01:13.709root 11241100x80000000000000006954850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd6331dc6e7d6f12022-01-05 10:01:13.709root 11241100x80000000000000006954851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f70f0e11eb2b74d2022-01-05 10:01:13.710root 11241100x80000000000000006954852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5405c99a7446ef2022-01-05 10:01:13.710root 11241100x80000000000000006954853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5821f60843f0ffa12022-01-05 10:01:13.710root 11241100x80000000000000006954854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db8d6162ed96c372022-01-05 10:01:13.710root 11241100x80000000000000006954855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f322e9300f25ff912022-01-05 10:01:13.710root 11241100x80000000000000006954856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb06e395bffb34e92022-01-05 10:01:13.710root 11241100x80000000000000006954857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9b743930f657862022-01-05 10:01:13.710root 11241100x80000000000000006954858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776ff243752e20d02022-01-05 10:01:13.710root 11241100x80000000000000006954859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a53742f2e3346ce2022-01-05 10:01:13.710root 11241100x80000000000000006954860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a89cbe8311c600c2022-01-05 10:01:13.710root 11241100x80000000000000006954861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a7b84380a58aa12022-01-05 10:01:13.710root 11241100x80000000000000006954862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701216e0434d6e212022-01-05 10:01:13.710root 11241100x80000000000000006954863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066238b3e17907892022-01-05 10:01:13.710root 11241100x80000000000000006954864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ecb49c4b0a120b2022-01-05 10:01:13.710root 11241100x80000000000000006954865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6da349908ed3312022-01-05 10:01:13.710root 11241100x80000000000000006954866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4905c79f9e303e712022-01-05 10:01:13.711root 11241100x80000000000000006954867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e83660b754fa412022-01-05 10:01:13.711root 11241100x80000000000000006954868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a0105d7fa048502022-01-05 10:01:13.711root 11241100x80000000000000006954869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d37e16a02097f92022-01-05 10:01:13.711root 11241100x80000000000000006954870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691751a6161f33792022-01-05 10:01:13.711root 11241100x80000000000000006954871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6561477a4bd5e4412022-01-05 10:01:13.711root 11241100x80000000000000006954872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d36de0451dff452022-01-05 10:01:13.711root 11241100x80000000000000006954873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7c0706e1a646f12022-01-05 10:01:13.711root 11241100x80000000000000006954874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd537fc8af51c4f2022-01-05 10:01:13.711root 11241100x80000000000000006954875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:13.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1891b4d22f314e2022-01-05 10:01:13.711root 11241100x80000000000000006954876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045545f07a5bc2062022-01-05 10:01:14.209root 11241100x80000000000000006954877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8914df9b24c009a72022-01-05 10:01:14.210root 11241100x80000000000000006954878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822bc3d53dcd1bf02022-01-05 10:01:14.210root 11241100x80000000000000006954879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deaac0eee9f65bcd2022-01-05 10:01:14.210root 11241100x80000000000000006954880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032fb130c22c2df92022-01-05 10:01:14.210root 11241100x80000000000000006954881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5e0e591e21392c2022-01-05 10:01:14.210root 11241100x80000000000000006954882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd9d4688c5beae62022-01-05 10:01:14.210root 11241100x80000000000000006954883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ee4a41f6e4b3022022-01-05 10:01:14.211root 11241100x80000000000000006954884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d015cb50d0e2f52022-01-05 10:01:14.211root 11241100x80000000000000006954885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70bbdbfb93296602022-01-05 10:01:14.211root 11241100x80000000000000006954886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df86ab2b0d460892022-01-05 10:01:14.211root 11241100x80000000000000006954887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72bb7b89c381c6c2022-01-05 10:01:14.211root 11241100x80000000000000006954888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601af0bb916af9992022-01-05 10:01:14.211root 11241100x80000000000000006954889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971609fb0ea066dd2022-01-05 10:01:14.212root 11241100x80000000000000006954890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcac3b87f90857d2022-01-05 10:01:14.212root 11241100x80000000000000006954891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0aa34bda4412642022-01-05 10:01:14.212root 11241100x80000000000000006954892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8c19fff9096a762022-01-05 10:01:14.212root 11241100x80000000000000006954893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8295d2c897dfd72022-01-05 10:01:14.212root 11241100x80000000000000006954894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a207d6811411932022-01-05 10:01:14.212root 11241100x80000000000000006954895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297e14d11b8fcce92022-01-05 10:01:14.212root 11241100x80000000000000006954896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e06137beb39a902022-01-05 10:01:14.212root 11241100x80000000000000006954897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded555a2a85df32b2022-01-05 10:01:14.212root 11241100x80000000000000006954898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf0c68cbf806d162022-01-05 10:01:14.212root 11241100x80000000000000006954899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bb752011cb8da02022-01-05 10:01:14.213root 11241100x80000000000000006954900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ec29822a9258c72022-01-05 10:01:14.213root 11241100x80000000000000006954901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69d38546de55e7e2022-01-05 10:01:14.213root 11241100x80000000000000006954902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51743c6090dac992022-01-05 10:01:14.709root 11241100x80000000000000006954903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02f1ba656f56c9b2022-01-05 10:01:14.709root 11241100x80000000000000006954904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcea77977be3d16e2022-01-05 10:01:14.710root 11241100x80000000000000006954905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449a1f9a3da9a5dc2022-01-05 10:01:14.710root 11241100x80000000000000006954906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69647753f341b3d52022-01-05 10:01:14.710root 11241100x80000000000000006954907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca988d6a8ba655272022-01-05 10:01:14.710root 11241100x80000000000000006954908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6156ac5527ab957a2022-01-05 10:01:14.710root 11241100x80000000000000006954909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285bde7cef3230df2022-01-05 10:01:14.710root 11241100x80000000000000006954910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f58bb130c572f82022-01-05 10:01:14.710root 11241100x80000000000000006954911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978824eb8d9cd5bb2022-01-05 10:01:14.710root 11241100x80000000000000006954912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad8031f10a95c012022-01-05 10:01:14.710root 11241100x80000000000000006954913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7ff8ad0c2167852022-01-05 10:01:14.710root 11241100x80000000000000006954914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee66ac560a3c8732022-01-05 10:01:14.711root 11241100x80000000000000006954915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01fb24761480afc2022-01-05 10:01:14.711root 11241100x80000000000000006954916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62811051977c16232022-01-05 10:01:14.711root 11241100x80000000000000006954917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ac4150135f6f1c2022-01-05 10:01:14.711root 11241100x80000000000000006954918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b1a2eadc01000f2022-01-05 10:01:14.711root 11241100x80000000000000006954919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1290e193423bfd2022-01-05 10:01:14.711root 11241100x80000000000000006954920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc572fd45c021aa2022-01-05 10:01:14.711root 11241100x80000000000000006954921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753e08c3c628743f2022-01-05 10:01:14.712root 11241100x80000000000000006954922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5156805ca4994bd02022-01-05 10:01:14.712root 11241100x80000000000000006954923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f2322187d16d872022-01-05 10:01:14.712root 11241100x80000000000000006954924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bc07d7b445cdf82022-01-05 10:01:14.712root 11241100x80000000000000006954925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a169f77dfd4257a2022-01-05 10:01:14.712root 11241100x80000000000000006954926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35b71265f1b3a402022-01-05 10:01:14.712root 11241100x80000000000000006954927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba952a24168dc332022-01-05 10:01:14.712root 11241100x80000000000000006954928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872f50e1eb2ed4bf2022-01-05 10:01:14.712root 11241100x80000000000000006954929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:14.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69948abbbc51f352022-01-05 10:01:14.712root 11241100x80000000000000006954930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ef36e5777204aa2022-01-05 10:01:15.209root 11241100x80000000000000006954931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b8aa58a5f730ad2022-01-05 10:01:15.209root 11241100x80000000000000006954932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51f7fc031b59a6f2022-01-05 10:01:15.210root 11241100x80000000000000006954933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacd3e651d808e4b2022-01-05 10:01:15.210root 11241100x80000000000000006954934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0aec6b8a51a3e72022-01-05 10:01:15.210root 11241100x80000000000000006954935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3473c16d5f403c62022-01-05 10:01:15.210root 11241100x80000000000000006954936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7f01553a02a4872022-01-05 10:01:15.210root 11241100x80000000000000006954937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4479a8db236575ea2022-01-05 10:01:15.210root 11241100x80000000000000006954938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416ee1df54b80c042022-01-05 10:01:15.210root 11241100x80000000000000006954939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67036773c13f838b2022-01-05 10:01:15.211root 11241100x80000000000000006954940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295783b29331a7312022-01-05 10:01:15.211root 11241100x80000000000000006954941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92bdab88d11248e02022-01-05 10:01:15.211root 11241100x80000000000000006954942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f2045e417982932022-01-05 10:01:15.212root 11241100x80000000000000006954943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08039b75ef315b3b2022-01-05 10:01:15.212root 11241100x80000000000000006954944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b71d045dca21d02022-01-05 10:01:15.212root 11241100x80000000000000006954945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190e97343ca30a9f2022-01-05 10:01:15.212root 11241100x80000000000000006954946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c84b7b270e3f202022-01-05 10:01:15.212root 11241100x80000000000000006954947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bdaa96adc91bd12022-01-05 10:01:15.213root 11241100x80000000000000006954948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06198b9e7327bee22022-01-05 10:01:15.213root 11241100x80000000000000006954949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae2c6f8a914ec6e2022-01-05 10:01:15.213root 11241100x80000000000000006954950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16076279544a65a2022-01-05 10:01:15.213root 11241100x80000000000000006954951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfa7c861e15f4f62022-01-05 10:01:15.213root 11241100x80000000000000006954952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255e516a22530fe72022-01-05 10:01:15.213root 11241100x80000000000000006954953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867244a01a3bbe1c2022-01-05 10:01:15.213root 11241100x80000000000000006954954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a566081b2f1806802022-01-05 10:01:15.213root 11241100x80000000000000006954955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d5c6ee0100526f2022-01-05 10:01:15.213root 11241100x80000000000000006954956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03795ecb5cfbd2d62022-01-05 10:01:15.213root 11241100x80000000000000006954957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abff5f5b28035862022-01-05 10:01:15.213root 11241100x80000000000000006954958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4871b8bef5276c2022-01-05 10:01:15.214root 11241100x80000000000000006954959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba288afcc70c27d2022-01-05 10:01:15.214root 11241100x80000000000000006954960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597ddaed4ddce90d2022-01-05 10:01:15.214root 11241100x80000000000000006954961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a9b6d5da0218f62022-01-05 10:01:15.214root 11241100x80000000000000006954962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceec9cbb9989e3942022-01-05 10:01:15.709root 11241100x80000000000000006954963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0715f2db7f49e852022-01-05 10:01:15.709root 11241100x80000000000000006954964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc4a972c238d8db2022-01-05 10:01:15.710root 11241100x80000000000000006954965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5a2b9d65d01adc2022-01-05 10:01:15.710root 11241100x80000000000000006954966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4836a283c973a72022-01-05 10:01:15.710root 11241100x80000000000000006954967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd0c86e5f8a69282022-01-05 10:01:15.710root 11241100x80000000000000006954968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65df9060146eda252022-01-05 10:01:15.710root 11241100x80000000000000006954969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2cbe6e7476ba742022-01-05 10:01:15.710root 11241100x80000000000000006954970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b8308bc1bc5a322022-01-05 10:01:15.710root 11241100x80000000000000006954971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48faee7fdd6c1712022-01-05 10:01:15.710root 11241100x80000000000000006954972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71184379cf8d700d2022-01-05 10:01:15.711root 11241100x80000000000000006954973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f19cb34549d14eb2022-01-05 10:01:15.711root 11241100x80000000000000006954974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492b30438d6b2eca2022-01-05 10:01:15.711root 11241100x80000000000000006954975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4673d9789a877b252022-01-05 10:01:15.711root 11241100x80000000000000006954976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbaf7f3fcaa987f02022-01-05 10:01:15.711root 11241100x80000000000000006954977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591d36cefe93f5192022-01-05 10:01:15.711root 11241100x80000000000000006954978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970177ab961a7b942022-01-05 10:01:15.711root 11241100x80000000000000006954979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e974a177e4cbbe2022-01-05 10:01:15.712root 11241100x80000000000000006954980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df32cc88eddfdbb2022-01-05 10:01:15.712root 11241100x80000000000000006954981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a260f51c9216daf32022-01-05 10:01:15.712root 11241100x80000000000000006954982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafd0530281950d02022-01-05 10:01:15.712root 11241100x80000000000000006954983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9744e236f0686692022-01-05 10:01:15.712root 11241100x80000000000000006954984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce39b7a03893a652022-01-05 10:01:15.712root 11241100x80000000000000006954985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aea8208ecd2d96b2022-01-05 10:01:15.713root 11241100x80000000000000006954986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:15.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a607aa6539c6ef112022-01-05 10:01:15.713root 11241100x80000000000000006954987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f48415824476e732022-01-05 10:01:16.210root 11241100x80000000000000006954988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b8dc4f1c44de352022-01-05 10:01:16.210root 11241100x80000000000000006954989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96701280ba782b842022-01-05 10:01:16.210root 11241100x80000000000000006954990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe48da625e437af2022-01-05 10:01:16.210root 11241100x80000000000000006954991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fa463303d0771d2022-01-05 10:01:16.211root 11241100x80000000000000006954992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e60ac3e903c8e692022-01-05 10:01:16.211root 11241100x80000000000000006954993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd93921237e7df72022-01-05 10:01:16.211root 11241100x80000000000000006954994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b7f7674c1f56b52022-01-05 10:01:16.211root 11241100x80000000000000006954995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2abe91419794262022-01-05 10:01:16.211root 11241100x80000000000000006954996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ab6b03abbda95c2022-01-05 10:01:16.211root 11241100x80000000000000006954997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e685389e9056832022-01-05 10:01:16.211root 11241100x80000000000000006954998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5baa2af18c7008252022-01-05 10:01:16.211root 11241100x80000000000000006954999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7760c8561290423c2022-01-05 10:01:16.211root 11241100x80000000000000006955000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1469e8a3712f6e62022-01-05 10:01:16.211root 11241100x80000000000000006955001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb02c3d1d1432c242022-01-05 10:01:16.211root 11241100x80000000000000006955002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515e6faf30213d962022-01-05 10:01:16.211root 11241100x80000000000000006955003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1d1a9e27ffca622022-01-05 10:01:16.211root 11241100x80000000000000006955004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430db7294c2202ef2022-01-05 10:01:16.211root 11241100x80000000000000006955005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de973a29127582702022-01-05 10:01:16.211root 11241100x80000000000000006955006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1551b8ec4f35482022-01-05 10:01:16.211root 11241100x80000000000000006955007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249d54a6680c01862022-01-05 10:01:16.212root 11241100x80000000000000006955008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf066787267a45b2022-01-05 10:01:16.212root 11241100x80000000000000006955009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db538a88b5e4e1da2022-01-05 10:01:16.212root 11241100x80000000000000006955010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43a6556ce254de12022-01-05 10:01:16.212root 11241100x80000000000000006955011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6407c2017804862022-01-05 10:01:16.212root 11241100x80000000000000006955012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50692ffc9773056b2022-01-05 10:01:16.710root 11241100x80000000000000006955013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e83b10d817d386b2022-01-05 10:01:16.710root 11241100x80000000000000006955014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb0732eca315cb02022-01-05 10:01:16.710root 11241100x80000000000000006955015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfbdc92644e4c452022-01-05 10:01:16.710root 11241100x80000000000000006955016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a830e94fce6a37f2022-01-05 10:01:16.710root 11241100x80000000000000006955017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41853f9072a9f1da2022-01-05 10:01:16.711root 11241100x80000000000000006955018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc0d0dbd458516f2022-01-05 10:01:16.711root 11241100x80000000000000006955019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97173a966103e4132022-01-05 10:01:16.711root 11241100x80000000000000006955020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ece3e44b8dca342022-01-05 10:01:16.711root 11241100x80000000000000006955021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be04697dc41713192022-01-05 10:01:16.712root 11241100x80000000000000006955022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11838429ba8927e2022-01-05 10:01:16.712root 11241100x80000000000000006955023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c156db2d87e76e82022-01-05 10:01:16.712root 11241100x80000000000000006955024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac5a10bfa0c00342022-01-05 10:01:16.712root 11241100x80000000000000006955025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe318d8f5ae3f40c2022-01-05 10:01:16.712root 11241100x80000000000000006955026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065bd20aed32b26b2022-01-05 10:01:16.712root 11241100x80000000000000006955027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb72ed861c4fcd442022-01-05 10:01:16.713root 11241100x80000000000000006955028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802b732243d182692022-01-05 10:01:16.713root 11241100x80000000000000006955029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662ba74fc6eeb77f2022-01-05 10:01:16.713root 11241100x80000000000000006955030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6292cf581258f9c2022-01-05 10:01:16.713root 11241100x80000000000000006955031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2899ad023a1d25542022-01-05 10:01:16.713root 11241100x80000000000000006955032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10db57be8f2963692022-01-05 10:01:16.714root 11241100x80000000000000006955033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7e0b2617dc0b422022-01-05 10:01:16.714root 11241100x80000000000000006955034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c3a21b0d1425c82022-01-05 10:01:16.714root 11241100x80000000000000006955035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210e0d7ccd1551722022-01-05 10:01:16.714root 11241100x80000000000000006955036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:16.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e49c5f5ae89c5c2022-01-05 10:01:16.714root 354300x80000000000000006955037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.163{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41680-false10.0.1.12-8000- 11241100x80000000000000006955038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15d9542fc470ade2022-01-05 10:01:17.164root 11241100x80000000000000006955039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2338aad80d946072022-01-05 10:01:17.164root 11241100x80000000000000006955040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.164{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de38c19883a62cad2022-01-05 10:01:17.164root 11241100x80000000000000006955041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55b3a4f856229662022-01-05 10:01:17.165root 11241100x80000000000000006955042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f9f3bdf2b6d82a2022-01-05 10:01:17.165root 11241100x80000000000000006955043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c867078b7af3cc2022-01-05 10:01:17.165root 11241100x80000000000000006955044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe6e522ef9dad532022-01-05 10:01:17.165root 11241100x80000000000000006955045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85792a150d18ee22022-01-05 10:01:17.165root 11241100x80000000000000006955046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74032d5a95611ce42022-01-05 10:01:17.165root 11241100x80000000000000006955047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.165{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25938998a2a6b722022-01-05 10:01:17.165root 11241100x80000000000000006955048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f376ff6b77171c2022-01-05 10:01:17.166root 11241100x80000000000000006955049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c77c5042eceec812022-01-05 10:01:17.166root 11241100x80000000000000006955050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd27ac3b90a6bf092022-01-05 10:01:17.166root 11241100x80000000000000006955051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88704419b7d2359b2022-01-05 10:01:17.166root 11241100x80000000000000006955052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.166{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9649780de077cd2022-01-05 10:01:17.166root 11241100x80000000000000006955053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.167{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc6c68aa186b9252022-01-05 10:01:17.167root 11241100x80000000000000006955054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.167{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a181beb5ba1865692022-01-05 10:01:17.167root 11241100x80000000000000006955055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.167{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb63748171055012022-01-05 10:01:17.167root 11241100x80000000000000006955056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.167{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93d11cb065bf3a72022-01-05 10:01:17.167root 11241100x80000000000000006955057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.167{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec1a92abff17f2e2022-01-05 10:01:17.167root 11241100x80000000000000006955058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.167{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57493c0523f1f6b52022-01-05 10:01:17.167root 11241100x80000000000000006955059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.168{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c7d227f293863f2022-01-05 10:01:17.168root 11241100x80000000000000006955060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.168{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18ab43102aac6902022-01-05 10:01:17.168root 11241100x80000000000000006955061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abad98c2212437cd2022-01-05 10:01:17.169root 11241100x80000000000000006955062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97da213c69423862022-01-05 10:01:17.169root 11241100x80000000000000006955063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26fc3e3db306752e2022-01-05 10:01:17.169root 11241100x80000000000000006955064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bc5adc76013bfd2022-01-05 10:01:17.169root 11241100x80000000000000006955065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9495eba0c365f37d2022-01-05 10:01:17.169root 11241100x80000000000000006955066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.169{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37fb5e74cfc452f2022-01-05 10:01:17.169root 11241100x80000000000000006955067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.170{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02025ca7df47f47c2022-01-05 10:01:17.170root 11241100x80000000000000006955068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.170{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e54bc62b0dcdb662022-01-05 10:01:17.170root 11241100x80000000000000006955069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.170{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bb26416a3614042022-01-05 10:01:17.170root 11241100x80000000000000006955070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f18156fc09374f22022-01-05 10:01:17.460root 11241100x80000000000000006955071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5be609173b55cd02022-01-05 10:01:17.460root 11241100x80000000000000006955072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a164d1a73745b4eb2022-01-05 10:01:17.460root 11241100x80000000000000006955073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a27ed280cf01962022-01-05 10:01:17.460root 11241100x80000000000000006955074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5334e5208bf7b4512022-01-05 10:01:17.460root 11241100x80000000000000006955075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1add929c6bc2062022-01-05 10:01:17.460root 11241100x80000000000000006955076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8415aee814e59d62022-01-05 10:01:17.460root 11241100x80000000000000006955077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f13fecad9d753c02022-01-05 10:01:17.460root 11241100x80000000000000006955078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceadb0aed49af4252022-01-05 10:01:17.460root 11241100x80000000000000006955079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9618fcc7b6a609a22022-01-05 10:01:17.460root 11241100x80000000000000006955080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254541f5206f529b2022-01-05 10:01:17.461root 11241100x80000000000000006955081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6e769f1e09fd972022-01-05 10:01:17.461root 11241100x80000000000000006955082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a82b22efd9c10d2022-01-05 10:01:17.461root 11241100x80000000000000006955083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204d0a0a2988b0682022-01-05 10:01:17.461root 11241100x80000000000000006955084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700e1cdd2169b7962022-01-05 10:01:17.461root 11241100x80000000000000006955085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d6b8853f08d4c02022-01-05 10:01:17.461root 11241100x80000000000000006955086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7992bbdfb8607822022-01-05 10:01:17.461root 11241100x80000000000000006955087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9371f39f51fe152022-01-05 10:01:17.461root 11241100x80000000000000006955088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052d81507c07a1452022-01-05 10:01:17.461root 11241100x80000000000000006955089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d49d116884d7a72022-01-05 10:01:17.461root 11241100x80000000000000006955090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1833a7b0092203b2022-01-05 10:01:17.461root 11241100x80000000000000006955091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9e33978a0669802022-01-05 10:01:17.461root 11241100x80000000000000006955092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9d96ef17604f5b2022-01-05 10:01:17.462root 11241100x80000000000000006955093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798d6adf8dc22b9d2022-01-05 10:01:17.462root 11241100x80000000000000006955094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e817a29af632782d2022-01-05 10:01:17.462root 11241100x80000000000000006955095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7114c84230cc302022-01-05 10:01:17.462root 11241100x80000000000000006955096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3813ff9ed1d306802022-01-05 10:01:17.959root 11241100x80000000000000006955097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55029b65e6e21822022-01-05 10:01:17.959root 11241100x80000000000000006955098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ec2f95b43b99dc2022-01-05 10:01:17.959root 11241100x80000000000000006955099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d864b45792e2e82022-01-05 10:01:17.960root 11241100x80000000000000006955100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919bc6d6ad30de8e2022-01-05 10:01:17.960root 11241100x80000000000000006955101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36dc672f8606fe5a2022-01-05 10:01:17.960root 11241100x80000000000000006955102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e073a16c4fec3ef62022-01-05 10:01:17.960root 11241100x80000000000000006955103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01dc2e545ba03bb2022-01-05 10:01:17.961root 11241100x80000000000000006955104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21094f40c1e342932022-01-05 10:01:17.961root 11241100x80000000000000006955105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4381a7e484a85f022022-01-05 10:01:17.961root 11241100x80000000000000006955106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc869d1e352443e2022-01-05 10:01:17.961root 11241100x80000000000000006955107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809f40ac0a6087522022-01-05 10:01:17.961root 11241100x80000000000000006955108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d207f773f5df0bc42022-01-05 10:01:17.962root 11241100x80000000000000006955109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0756c887296b69082022-01-05 10:01:17.962root 11241100x80000000000000006955110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b68643d329255c2022-01-05 10:01:17.962root 11241100x80000000000000006955111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7f8886cfe269a32022-01-05 10:01:17.962root 11241100x80000000000000006955112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377e1338d74b8af92022-01-05 10:01:17.962root 11241100x80000000000000006955113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da942007a80947082022-01-05 10:01:17.962root 11241100x80000000000000006955114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca7c770fc6162242022-01-05 10:01:17.962root 11241100x80000000000000006955115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff67a76f3332f2042022-01-05 10:01:17.963root 11241100x80000000000000006955116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc25519d2adaf3ba2022-01-05 10:01:17.963root 11241100x80000000000000006955117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3ef4fc9c92b5ab2022-01-05 10:01:17.963root 11241100x80000000000000006955118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec5ab1b6e50dbac2022-01-05 10:01:17.963root 11241100x80000000000000006955119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f6a93a775307542022-01-05 10:01:17.963root 11241100x80000000000000006955120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bc822ba99bf7ec2022-01-05 10:01:17.964root 11241100x80000000000000006955121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91033d02a7f5a95c2022-01-05 10:01:17.964root 11241100x80000000000000006955122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87eed2ec70c88a42022-01-05 10:01:17.964root 11241100x80000000000000006955123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608ed575b5ebe9322022-01-05 10:01:17.964root 11241100x80000000000000006955124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c620a31a0b9e0b292022-01-05 10:01:17.965root 11241100x80000000000000006955125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2513a394b980dff2022-01-05 10:01:17.965root 11241100x80000000000000006955126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729f52a0d25502ac2022-01-05 10:01:17.967root 11241100x80000000000000006955127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:17.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a33519606a27792022-01-05 10:01:17.968root 11241100x80000000000000006955128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d972ba078d79522022-01-05 10:01:18.459root 11241100x80000000000000006955129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26c5006eab09db62022-01-05 10:01:18.459root 11241100x80000000000000006955130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37aba6ed989fce312022-01-05 10:01:18.459root 11241100x80000000000000006955131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b14b68281fe2912022-01-05 10:01:18.459root 11241100x80000000000000006955132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4f04252bc02c202022-01-05 10:01:18.459root 11241100x80000000000000006955133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09187f0948ca53662022-01-05 10:01:18.459root 11241100x80000000000000006955134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300e20e9c1673ea92022-01-05 10:01:18.459root 11241100x80000000000000006955135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeba64dde66c2f202022-01-05 10:01:18.459root 11241100x80000000000000006955136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8bf2e76548a14d2022-01-05 10:01:18.459root 11241100x80000000000000006955137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecec8aadac4ff402022-01-05 10:01:18.460root 11241100x80000000000000006955138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296176dc8e8dc1f12022-01-05 10:01:18.460root 11241100x80000000000000006955139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46f801a602ab0fd2022-01-05 10:01:18.460root 11241100x80000000000000006955140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee49d6ad89b543472022-01-05 10:01:18.461root 11241100x80000000000000006955141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0faf3bbb0471800a2022-01-05 10:01:18.461root 11241100x80000000000000006955142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6d4dbd0427c08f2022-01-05 10:01:18.461root 11241100x80000000000000006955143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b78e92bd8f8f03e2022-01-05 10:01:18.461root 11241100x80000000000000006955144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7896be309a27822022-01-05 10:01:18.461root 11241100x80000000000000006955145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b370798a4b9b1c032022-01-05 10:01:18.462root 11241100x80000000000000006955146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f51b6120cdd288c2022-01-05 10:01:18.462root 11241100x80000000000000006955147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0c61dcc1acd0932022-01-05 10:01:18.462root 11241100x80000000000000006955148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493fdf8af26e20582022-01-05 10:01:18.462root 11241100x80000000000000006955149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bd7ed06fea85212022-01-05 10:01:18.462root 11241100x80000000000000006955150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0454f278fbace7642022-01-05 10:01:18.462root 11241100x80000000000000006955151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6369ae71fff86e3f2022-01-05 10:01:18.462root 11241100x80000000000000006955152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c395602613952d2022-01-05 10:01:18.462root 11241100x80000000000000006955153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e933476fcfe940552022-01-05 10:01:18.462root 11241100x80000000000000006955154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672222199dde71922022-01-05 10:01:18.462root 11241100x80000000000000006955155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a2b169fe6444d72022-01-05 10:01:18.959root 11241100x80000000000000006955156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f238d0d64becc522022-01-05 10:01:18.959root 11241100x80000000000000006955157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066d0ec3d94392302022-01-05 10:01:18.959root 11241100x80000000000000006955158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2510f124f4fc33a2022-01-05 10:01:18.959root 11241100x80000000000000006955159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc20cd921f480b92022-01-05 10:01:18.959root 11241100x80000000000000006955160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc9e99b76d1fe3d2022-01-05 10:01:18.959root 11241100x80000000000000006955161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cc9ffd677d7cc62022-01-05 10:01:18.959root 11241100x80000000000000006955162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0a5ae94ba988a72022-01-05 10:01:18.959root 11241100x80000000000000006955163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6991248b5272622022-01-05 10:01:18.959root 11241100x80000000000000006955164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55f769ba5d27e422022-01-05 10:01:18.960root 11241100x80000000000000006955165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f298993b3c1cc532022-01-05 10:01:18.960root 11241100x80000000000000006955166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3480d9e5d186f6752022-01-05 10:01:18.960root 11241100x80000000000000006955167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a2898e477e04822022-01-05 10:01:18.960root 11241100x80000000000000006955168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8cf7b236c856ff2022-01-05 10:01:18.960root 11241100x80000000000000006955169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e1d84d970fa45b2022-01-05 10:01:18.960root 11241100x80000000000000006955170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf97c854f424e1b2022-01-05 10:01:18.960root 11241100x80000000000000006955171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941ad573aa5a8d5e2022-01-05 10:01:18.960root 11241100x80000000000000006955172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926e4a1d431fd3e22022-01-05 10:01:18.960root 11241100x80000000000000006955173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d85358d9614101c2022-01-05 10:01:18.961root 11241100x80000000000000006955174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11df8e5aa3d502352022-01-05 10:01:18.961root 11241100x80000000000000006955175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8727caf6470f5ac2022-01-05 10:01:18.961root 11241100x80000000000000006955176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c16748023984752022-01-05 10:01:18.961root 11241100x80000000000000006955177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09a980a56ce68ae2022-01-05 10:01:18.961root 11241100x80000000000000006955178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5f828aa98eef3e2022-01-05 10:01:18.961root 11241100x80000000000000006955179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3db2fdb330840d62022-01-05 10:01:18.961root 11241100x80000000000000006955180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489f118e46b1f7792022-01-05 10:01:18.961root 11241100x80000000000000006955181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8979929852675d6e2022-01-05 10:01:18.961root 11241100x80000000000000006955182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89205075ac978e612022-01-05 10:01:18.961root 11241100x80000000000000006955183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fceb6f011178aee72022-01-05 10:01:18.961root 11241100x80000000000000006955184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4af9b170c9af8c22022-01-05 10:01:18.961root 11241100x80000000000000006955185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01129f37dac7b942022-01-05 10:01:18.961root 11241100x80000000000000006955186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b8c135bfed776f2022-01-05 10:01:18.962root 11241100x80000000000000006955187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d47cc4bbfbd0c3a2022-01-05 10:01:18.962root 11241100x80000000000000006955188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ccce3ce6c3ccb72022-01-05 10:01:18.962root 11241100x80000000000000006955189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c7d94e200868432022-01-05 10:01:18.962root 11241100x80000000000000006955190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21d1ec0dd59f0202022-01-05 10:01:18.962root 11241100x80000000000000006955191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3bcd3552f8c7902022-01-05 10:01:18.962root 11241100x80000000000000006955192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78643ac5e425641b2022-01-05 10:01:18.962root 11241100x80000000000000006955193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78481f2d60cd8df52022-01-05 10:01:18.962root 11241100x80000000000000006955194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a47044e731ccd382022-01-05 10:01:18.962root 11241100x80000000000000006955195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206aa8ad7ee543852022-01-05 10:01:18.962root 11241100x80000000000000006955196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2681afdad6de37912022-01-05 10:01:18.962root 11241100x80000000000000006955197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428a8deaf375270d2022-01-05 10:01:18.962root 11241100x80000000000000006955198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325d3740453e5b2c2022-01-05 10:01:18.962root 11241100x80000000000000006955199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82eee5c58af76a442022-01-05 10:01:18.963root 11241100x80000000000000006955200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143a9bfcece38aa92022-01-05 10:01:18.963root 11241100x80000000000000006955201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3fa40e6d219cb92022-01-05 10:01:18.963root 11241100x80000000000000006955202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5939df9720dac9d2022-01-05 10:01:18.963root 11241100x80000000000000006955203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9057c817ba72102022-01-05 10:01:18.963root 11241100x80000000000000006955204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59914d86ddb29d0b2022-01-05 10:01:18.963root 11241100x80000000000000006955205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b159a99b735fe5242022-01-05 10:01:18.963root 11241100x80000000000000006955206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a73e5c5bf6c448a2022-01-05 10:01:18.963root 11241100x80000000000000006955207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e769bab4dad31c2022-01-05 10:01:18.963root 11241100x80000000000000006955208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83347f720dd55f532022-01-05 10:01:18.964root 11241100x80000000000000006955209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988ff610fcaf8db72022-01-05 10:01:18.964root 11241100x80000000000000006955210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1410b07b0343ea2022-01-05 10:01:18.964root 11241100x80000000000000006955211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191b2570d0c0b1242022-01-05 10:01:18.964root 11241100x80000000000000006955212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109fd7f4b94d5a322022-01-05 10:01:18.964root 11241100x80000000000000006955213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b95672eca98ed1a2022-01-05 10:01:18.964root 11241100x80000000000000006955214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54b0043d7fcef502022-01-05 10:01:18.964root 11241100x80000000000000006955215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23846e3dfe8b69712022-01-05 10:01:18.964root 11241100x80000000000000006955216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78abbc6a5f0cd68b2022-01-05 10:01:18.964root 11241100x80000000000000006955217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37d16c5ebdbf60942022-01-05 10:01:18.964root 11241100x80000000000000006955218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f7f345d74aef792022-01-05 10:01:18.964root 11241100x80000000000000006955219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840ab2afc6512eb22022-01-05 10:01:18.964root 11241100x80000000000000006955220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77256714b44c823e2022-01-05 10:01:18.964root 11241100x80000000000000006955221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ab2759b4a7d4c92022-01-05 10:01:18.965root 11241100x80000000000000006955222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9162f8302992c32022-01-05 10:01:18.965root 11241100x80000000000000006955223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98776380d92490012022-01-05 10:01:18.965root 11241100x80000000000000006955224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d348e081cb774dcd2022-01-05 10:01:18.965root 11241100x80000000000000006955225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02269ca1b32086f72022-01-05 10:01:18.965root 11241100x80000000000000006955226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd953594326222662022-01-05 10:01:18.965root 11241100x80000000000000006955227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fd6249f5050b902022-01-05 10:01:18.965root 11241100x80000000000000006955228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c534566aff29d82022-01-05 10:01:18.965root 11241100x80000000000000006955229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe46456637d873152022-01-05 10:01:18.965root 11241100x80000000000000006955230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5aa36077d7cfa22022-01-05 10:01:18.965root 11241100x80000000000000006955231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e1a96d6787c4f92022-01-05 10:01:18.966root 11241100x80000000000000006955232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8716635547cde5172022-01-05 10:01:18.966root 11241100x80000000000000006955233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3256e8b688fd9acf2022-01-05 10:01:18.966root 11241100x80000000000000006955234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1827435ea2ac288f2022-01-05 10:01:18.966root 11241100x80000000000000006955235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa6825f72e5ff892022-01-05 10:01:18.966root 11241100x80000000000000006955236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ceef9ccf7ee9b62022-01-05 10:01:18.966root 11241100x80000000000000006955237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8617207fc5adfc992022-01-05 10:01:18.966root 11241100x80000000000000006955238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.966{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6589ba960b6eefb52022-01-05 10:01:18.966root 11241100x80000000000000006955239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec47801ea68ac8d2022-01-05 10:01:18.967root 11241100x80000000000000006955240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1b244f126e0d592022-01-05 10:01:18.967root 11241100x80000000000000006955241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387a078122c105ad2022-01-05 10:01:18.967root 11241100x80000000000000006955242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cc3abb110a7b0b2022-01-05 10:01:18.967root 11241100x80000000000000006955243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa71891567b7b4b2022-01-05 10:01:18.968root 11241100x80000000000000006955244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea86ce3c2b7d54a2022-01-05 10:01:18.968root 11241100x80000000000000006955245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:18.968{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbaca075e2cc09b62022-01-05 10:01:18.968root 11241100x80000000000000006955246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faef4b494901e63d2022-01-05 10:01:19.459root 11241100x80000000000000006955247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdaace48499bb12c2022-01-05 10:01:19.459root 11241100x80000000000000006955248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdc3ac11acb190e2022-01-05 10:01:19.459root 11241100x80000000000000006955249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d5c3517e8944992022-01-05 10:01:19.459root 11241100x80000000000000006955250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63bc4bd83a57efe2022-01-05 10:01:19.460root 11241100x80000000000000006955251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841a6f825a6b8f8f2022-01-05 10:01:19.460root 11241100x80000000000000006955252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd11759aaf4f0612022-01-05 10:01:19.460root 11241100x80000000000000006955253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4084f63a512416802022-01-05 10:01:19.460root 11241100x80000000000000006955254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea983f654dad78e2022-01-05 10:01:19.460root 11241100x80000000000000006955255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff85f27bd072b0ef2022-01-05 10:01:19.460root 11241100x80000000000000006955256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701d13f9ae0408672022-01-05 10:01:19.460root 11241100x80000000000000006955257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90a5abdf2c2c0ca2022-01-05 10:01:19.460root 11241100x80000000000000006955258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc275c6e95bcd05d2022-01-05 10:01:19.460root 11241100x80000000000000006955259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ac774655c182262022-01-05 10:01:19.460root 11241100x80000000000000006955260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d377f848b9111592022-01-05 10:01:19.461root 11241100x80000000000000006955261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07203c6daa36f5d62022-01-05 10:01:19.461root 11241100x80000000000000006955262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf26c2446560e4a2022-01-05 10:01:19.461root 11241100x80000000000000006955263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9d0114ef5fc7342022-01-05 10:01:19.461root 11241100x80000000000000006955264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71cb5735f8b77aa2022-01-05 10:01:19.461root 11241100x80000000000000006955265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c2b07bd73265f22022-01-05 10:01:19.461root 11241100x80000000000000006955266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389ea2cde2e711e52022-01-05 10:01:19.461root 11241100x80000000000000006955267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c1a089b8bd50d52022-01-05 10:01:19.461root 11241100x80000000000000006955268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89adb32902e5bef92022-01-05 10:01:19.461root 11241100x80000000000000006955269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904537d84a47b7e52022-01-05 10:01:19.461root 11241100x80000000000000006955270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560652fda6f8b0f22022-01-05 10:01:19.461root 11241100x80000000000000006955271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9788ac167dca51882022-01-05 10:01:19.461root 11241100x80000000000000006955272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0dda37a6a6982232022-01-05 10:01:19.461root 11241100x80000000000000006955273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb0990bfe4cafb82022-01-05 10:01:19.461root 11241100x80000000000000006955274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d73aff6caac34e62022-01-05 10:01:19.461root 11241100x80000000000000006955275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7a83e62c32df022022-01-05 10:01:19.462root 11241100x80000000000000006955276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e34bd2327b54c92022-01-05 10:01:19.959root 11241100x80000000000000006955277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d576ff8a9446942022-01-05 10:01:19.959root 11241100x80000000000000006955278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6617b3b5b037fa3a2022-01-05 10:01:19.960root 11241100x80000000000000006955279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd390b74bbcebeca2022-01-05 10:01:19.960root 11241100x80000000000000006955280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098a306e7469fd2c2022-01-05 10:01:19.960root 11241100x80000000000000006955281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0750f52d40353cc02022-01-05 10:01:19.960root 11241100x80000000000000006955282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599c205ffcc0596d2022-01-05 10:01:19.960root 11241100x80000000000000006955283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9575c667473fdb5c2022-01-05 10:01:19.961root 11241100x80000000000000006955284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f927ed571038306f2022-01-05 10:01:19.961root 11241100x80000000000000006955285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a247562fea7eb0a2022-01-05 10:01:19.961root 11241100x80000000000000006955286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce92b3390b93543f2022-01-05 10:01:19.961root 11241100x80000000000000006955287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2a741bcc9602c32022-01-05 10:01:19.961root 11241100x80000000000000006955288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec36162b864cd9982022-01-05 10:01:19.961root 11241100x80000000000000006955289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7eb000b16cf900d2022-01-05 10:01:19.961root 11241100x80000000000000006955290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a724e6f50efb89692022-01-05 10:01:19.961root 11241100x80000000000000006955291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6ca0787266d8302022-01-05 10:01:19.961root 11241100x80000000000000006955292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457ca9056d1c27da2022-01-05 10:01:19.961root 11241100x80000000000000006955293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1cb267ebd0ae722022-01-05 10:01:19.961root 11241100x80000000000000006955294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e75cd5149a01af2022-01-05 10:01:19.961root 11241100x80000000000000006955295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6929686fb827e132022-01-05 10:01:19.961root 11241100x80000000000000006955296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1125cd48e9201c522022-01-05 10:01:19.961root 11241100x80000000000000006955297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d53067f254edde2022-01-05 10:01:19.962root 11241100x80000000000000006955298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb534525d7cfcb9d2022-01-05 10:01:19.962root 11241100x80000000000000006955299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b0bae5a87b9b542022-01-05 10:01:19.962root 11241100x80000000000000006955300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa7d75c20e8bf292022-01-05 10:01:19.962root 11241100x80000000000000006955301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eb4add91d8b5c32022-01-05 10:01:19.962root 11241100x80000000000000006955302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:19.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127dcc6aee7f803b2022-01-05 10:01:19.962root 11241100x80000000000000006955303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de17597271d136332022-01-05 10:01:20.459root 11241100x80000000000000006955304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b66d5a775aeacf2022-01-05 10:01:20.459root 11241100x80000000000000006955305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35994abdfeb05b7c2022-01-05 10:01:20.459root 11241100x80000000000000006955306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d83a28fee7d74ec2022-01-05 10:01:20.459root 11241100x80000000000000006955307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19493e7d34876f7c2022-01-05 10:01:20.459root 11241100x80000000000000006955308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cefd487a2ef2b4f2022-01-05 10:01:20.460root 11241100x80000000000000006955309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5076a6ed8c82dcda2022-01-05 10:01:20.460root 11241100x80000000000000006955310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df75502833f98e4b2022-01-05 10:01:20.460root 11241100x80000000000000006955311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d8a74a622e967a2022-01-05 10:01:20.460root 11241100x80000000000000006955312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30adaf3859bc9ec2022-01-05 10:01:20.460root 11241100x80000000000000006955313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae709b7c0b5d47b12022-01-05 10:01:20.460root 11241100x80000000000000006955314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82eb8194afd414a2022-01-05 10:01:20.460root 11241100x80000000000000006955315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19e8adc132bed852022-01-05 10:01:20.460root 11241100x80000000000000006955316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a676cf95ea1d872022-01-05 10:01:20.460root 11241100x80000000000000006955317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3914c89d2ba809f02022-01-05 10:01:20.460root 11241100x80000000000000006955318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7cef9ceabad86d2022-01-05 10:01:20.460root 11241100x80000000000000006955319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd528005526e7512022-01-05 10:01:20.460root 11241100x80000000000000006955320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858fe64bd2b519182022-01-05 10:01:20.460root 11241100x80000000000000006955321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3dc317d1a91e7ed2022-01-05 10:01:20.461root 11241100x80000000000000006955322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0a64ba688da11e2022-01-05 10:01:20.461root 11241100x80000000000000006955323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4333efbf7e383b552022-01-05 10:01:20.461root 11241100x80000000000000006955324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb879811a71517d2022-01-05 10:01:20.461root 11241100x80000000000000006955325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a695d41f6928ca8d2022-01-05 10:01:20.461root 11241100x80000000000000006955326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c1fda89aedb1232022-01-05 10:01:20.461root 11241100x80000000000000006955327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ebb51fbc4a17d42022-01-05 10:01:20.461root 11241100x80000000000000006955328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58464164afc8bf342022-01-05 10:01:20.461root 11241100x80000000000000006955329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68b65ce196a6abd2022-01-05 10:01:20.461root 11241100x80000000000000006955330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e8ff5434bd48ab2022-01-05 10:01:20.461root 11241100x80000000000000006955331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c55966c715bd332022-01-05 10:01:20.461root 11241100x80000000000000006955332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330f54c468ce278c2022-01-05 10:01:20.959root 11241100x80000000000000006955333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792db8ad0f3328e72022-01-05 10:01:20.959root 11241100x80000000000000006955334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7d3e8c224363d72022-01-05 10:01:20.960root 11241100x80000000000000006955335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170929ae6cc2b9962022-01-05 10:01:20.960root 11241100x80000000000000006955336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5967a997ce039c2022-01-05 10:01:20.960root 11241100x80000000000000006955337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449d0ad63f2236922022-01-05 10:01:20.960root 11241100x80000000000000006955338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779823e116da4d0a2022-01-05 10:01:20.960root 11241100x80000000000000006955339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e818bbecc03afd6d2022-01-05 10:01:20.960root 11241100x80000000000000006955340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a86b7e514396bc52022-01-05 10:01:20.960root 11241100x80000000000000006955341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f95e27f06d469f2022-01-05 10:01:20.960root 11241100x80000000000000006955342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e9e32fd63a92512022-01-05 10:01:20.960root 11241100x80000000000000006955343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbab3ef36bd450d2022-01-05 10:01:20.960root 11241100x80000000000000006955344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be53e8ad2386b4e72022-01-05 10:01:20.960root 11241100x80000000000000006955345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e6043d01dbc5932022-01-05 10:01:20.960root 11241100x80000000000000006955346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1228a19ce82d24782022-01-05 10:01:20.960root 11241100x80000000000000006955347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a0d555724c50f62022-01-05 10:01:20.961root 11241100x80000000000000006955348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862b33867cc1fb4a2022-01-05 10:01:20.961root 11241100x80000000000000006955349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734999d1ea51734c2022-01-05 10:01:20.961root 11241100x80000000000000006955350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b50ba1aca173092022-01-05 10:01:20.961root 11241100x80000000000000006955351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448d5113e7ef245a2022-01-05 10:01:20.961root 11241100x80000000000000006955352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906b9015e7f745062022-01-05 10:01:20.961root 11241100x80000000000000006955353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e24945f25662b42022-01-05 10:01:20.961root 11241100x80000000000000006955354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9028e5b93b809c9f2022-01-05 10:01:20.961root 11241100x80000000000000006955355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603bde1c54311cf22022-01-05 10:01:20.961root 11241100x80000000000000006955356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6d5cffea9769422022-01-05 10:01:20.961root 11241100x80000000000000006955357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee9436f57afd7892022-01-05 10:01:20.961root 11241100x80000000000000006955358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:20.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcf0d2f80ab1f442022-01-05 10:01:20.961root 11241100x80000000000000006955359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139bad3c86d978a92022-01-05 10:01:21.459root 11241100x80000000000000006955360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b01e59f5f706ed32022-01-05 10:01:21.460root 11241100x80000000000000006955361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6ed0de626324ee2022-01-05 10:01:21.460root 11241100x80000000000000006955362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de320ed6d98b44962022-01-05 10:01:21.460root 11241100x80000000000000006955363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd376f8ae9cd86792022-01-05 10:01:21.460root 11241100x80000000000000006955364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a108b4749d568fe2022-01-05 10:01:21.460root 11241100x80000000000000006955365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdd5ecf05f5f6732022-01-05 10:01:21.460root 11241100x80000000000000006955366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f346dffebafc6b2022-01-05 10:01:21.460root 11241100x80000000000000006955367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9116cdac050c29722022-01-05 10:01:21.460root 11241100x80000000000000006955368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233a6cc2b0d51b582022-01-05 10:01:21.460root 11241100x80000000000000006955369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d210b74155613ad2022-01-05 10:01:21.460root 11241100x80000000000000006955370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e00c4b591e45e12022-01-05 10:01:21.460root 11241100x80000000000000006955371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82bc75eee1f28452022-01-05 10:01:21.460root 11241100x80000000000000006955372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5643c83fda4b35be2022-01-05 10:01:21.461root 11241100x80000000000000006955373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ff36474a8a99e42022-01-05 10:01:21.461root 11241100x80000000000000006955374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad8de03a2de8eb42022-01-05 10:01:21.461root 11241100x80000000000000006955375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c5c8ef4abb117c2022-01-05 10:01:21.461root 11241100x80000000000000006955376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0616138e6d31e4002022-01-05 10:01:21.461root 11241100x80000000000000006955377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866f23f90ceefbc92022-01-05 10:01:21.461root 11241100x80000000000000006955378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7df506590fe71e2022-01-05 10:01:21.461root 11241100x80000000000000006955379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cc324a406237b42022-01-05 10:01:21.461root 11241100x80000000000000006955380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caef379535833bdb2022-01-05 10:01:21.461root 11241100x80000000000000006955381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dede96069f142e42022-01-05 10:01:21.461root 11241100x80000000000000006955382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bff733163c35e172022-01-05 10:01:21.461root 11241100x80000000000000006955383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe568bb228ad31b2022-01-05 10:01:21.461root 11241100x80000000000000006955384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa2e38f13aa67a42022-01-05 10:01:21.461root 11241100x80000000000000006955385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3976bc155b59dd92022-01-05 10:01:21.960root 11241100x80000000000000006955386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e085f46d4adb37b2022-01-05 10:01:21.960root 11241100x80000000000000006955387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a7bf87a13433cf2022-01-05 10:01:21.960root 11241100x80000000000000006955388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deabf88afdd9f0522022-01-05 10:01:21.960root 11241100x80000000000000006955389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44439f704d6c22102022-01-05 10:01:21.960root 11241100x80000000000000006955390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2d88d4ace0831b2022-01-05 10:01:21.960root 11241100x80000000000000006955391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332755b0b61d98712022-01-05 10:01:21.960root 11241100x80000000000000006955392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf2b80c7982beb02022-01-05 10:01:21.960root 11241100x80000000000000006955393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af892baf3cdf23682022-01-05 10:01:21.960root 11241100x80000000000000006955394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee371b2e675a288c2022-01-05 10:01:21.960root 11241100x80000000000000006955395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5feceaa0a1a6448a2022-01-05 10:01:21.960root 11241100x80000000000000006955396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee7959dc4efcea22022-01-05 10:01:21.961root 11241100x80000000000000006955397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0fb7bd4a318de52022-01-05 10:01:21.961root 11241100x80000000000000006955398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40eec547c8ba2cbc2022-01-05 10:01:21.961root 11241100x80000000000000006955399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3af9e3d84595602022-01-05 10:01:21.961root 11241100x80000000000000006955400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a190a5fa132ab6812022-01-05 10:01:21.961root 11241100x80000000000000006955401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314d0423f5a0fc692022-01-05 10:01:21.961root 11241100x80000000000000006955402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc7f4648f81935a2022-01-05 10:01:21.961root 11241100x80000000000000006955403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c933834eb564f792022-01-05 10:01:21.961root 11241100x80000000000000006955404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4b7126d8e977bc2022-01-05 10:01:21.961root 11241100x80000000000000006955405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c496dabe50863ed72022-01-05 10:01:21.961root 11241100x80000000000000006955406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5bf13abcd2d7a42022-01-05 10:01:21.961root 11241100x80000000000000006955407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f87bc7f405bf1442022-01-05 10:01:21.961root 11241100x80000000000000006955408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30930a9cacce3f52022-01-05 10:01:21.961root 11241100x80000000000000006955409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15e636027992d4b2022-01-05 10:01:21.962root 11241100x80000000000000006955410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:21.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3450267f46e75652022-01-05 10:01:21.962root 354300x80000000000000006955411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.211{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41682-false10.0.1.12-8000- 11241100x80000000000000006955412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0760d58d2ac645302022-01-05 10:01:22.213root 11241100x80000000000000006955413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6836264e73e080ff2022-01-05 10:01:22.213root 11241100x80000000000000006955414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffda10ea25ae4a12022-01-05 10:01:22.213root 11241100x80000000000000006955415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d712707f935b172022-01-05 10:01:22.214root 11241100x80000000000000006955416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a5648e9d9b9cd62022-01-05 10:01:22.214root 11241100x80000000000000006955417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ebc34c1b0c6fa12022-01-05 10:01:22.214root 11241100x80000000000000006955418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e06e52b8e307df2022-01-05 10:01:22.215root 11241100x80000000000000006955419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cfa76b9507b89a2022-01-05 10:01:22.215root 11241100x80000000000000006955420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1e5d2331423ab02022-01-05 10:01:22.215root 11241100x80000000000000006955421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6bef31015969802022-01-05 10:01:22.215root 11241100x80000000000000006955422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cc1bfad38aa41c2022-01-05 10:01:22.215root 11241100x80000000000000006955423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c595a673ac8ed7582022-01-05 10:01:22.215root 11241100x80000000000000006955424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555d69723bc646d92022-01-05 10:01:22.216root 11241100x80000000000000006955425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5361f310c81edfa2022-01-05 10:01:22.216root 11241100x80000000000000006955426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20f2a6e6515e3c32022-01-05 10:01:22.216root 11241100x80000000000000006955427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6ce67c7b7eb8b62022-01-05 10:01:22.216root 11241100x80000000000000006955428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a75edeeb4f8cfe2022-01-05 10:01:22.217root 11241100x80000000000000006955429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ab66b7ee3921462022-01-05 10:01:22.217root 11241100x80000000000000006955430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46a5e15b0274d402022-01-05 10:01:22.217root 11241100x80000000000000006955431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d09b9fdda35c202022-01-05 10:01:22.217root 11241100x80000000000000006955432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fd1982e4d9bfe62022-01-05 10:01:22.217root 11241100x80000000000000006955433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86a152bb99baa472022-01-05 10:01:22.217root 11241100x80000000000000006955434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b95769af8ea13b82022-01-05 10:01:22.217root 11241100x80000000000000006955435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12eb2f6ca6a9bfbd2022-01-05 10:01:22.217root 11241100x80000000000000006955436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba523b32ce61319c2022-01-05 10:01:22.217root 11241100x80000000000000006955437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1703c99324646c2022-01-05 10:01:22.217root 11241100x80000000000000006955438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db4315aeee68b0e2022-01-05 10:01:22.217root 11241100x80000000000000006955439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad36d2b62a39f8672022-01-05 10:01:22.710root 11241100x80000000000000006955440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2feaa00deb5788872022-01-05 10:01:22.710root 11241100x80000000000000006955441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b180119fdffd032022-01-05 10:01:22.710root 11241100x80000000000000006955442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba844d661dc5361b2022-01-05 10:01:22.710root 11241100x80000000000000006955443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024af52547b1c88e2022-01-05 10:01:22.710root 11241100x80000000000000006955444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db94aa681824fd6a2022-01-05 10:01:22.710root 11241100x80000000000000006955445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d295e0d218be7fd2022-01-05 10:01:22.710root 11241100x80000000000000006955446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b66aac562aee842022-01-05 10:01:22.711root 11241100x80000000000000006955447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826ec58192e553212022-01-05 10:01:22.711root 11241100x80000000000000006955448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9881ce15fbbd48df2022-01-05 10:01:22.711root 11241100x80000000000000006955449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d76778f09a30a752022-01-05 10:01:22.711root 11241100x80000000000000006955450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de558c16fe6abce32022-01-05 10:01:22.711root 11241100x80000000000000006955451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f297b2dfa8269f12022-01-05 10:01:22.711root 11241100x80000000000000006955452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff92c690179c7172022-01-05 10:01:22.711root 11241100x80000000000000006955453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5645351a7206f12022-01-05 10:01:22.711root 11241100x80000000000000006955454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a341c03daaba89b2022-01-05 10:01:22.712root 11241100x80000000000000006955455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a484f6ed4edf3db02022-01-05 10:01:22.712root 11241100x80000000000000006955456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c174127f2356a22022-01-05 10:01:22.712root 11241100x80000000000000006955457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b643e0c3f4ba6b2022-01-05 10:01:22.712root 11241100x80000000000000006955458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab35c2169d9cb922022-01-05 10:01:22.712root 11241100x80000000000000006955459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495ee1c1522589ba2022-01-05 10:01:22.712root 11241100x80000000000000006955460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b9805e3a0d10462022-01-05 10:01:22.712root 11241100x80000000000000006955461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720b50b8048ad1f72022-01-05 10:01:22.712root 11241100x80000000000000006955462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f02534aeb735aa02022-01-05 10:01:22.713root 11241100x80000000000000006955463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b8f1d2b968ac022022-01-05 10:01:22.713root 11241100x80000000000000006955464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc05595367112092022-01-05 10:01:22.713root 11241100x80000000000000006955465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:22.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a31ff0c8e19cdc2022-01-05 10:01:22.713root 11241100x80000000000000006955466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014faac78bc605602022-01-05 10:01:23.210root 11241100x80000000000000006955467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca4a8c7f6cee9c22022-01-05 10:01:23.210root 11241100x80000000000000006955468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ae4ff68c5c5e222022-01-05 10:01:23.210root 11241100x80000000000000006955469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5976fc5754fcb2f62022-01-05 10:01:23.210root 11241100x80000000000000006955470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8fea4660b01b122022-01-05 10:01:23.210root 11241100x80000000000000006955471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4e2a5fbbd5227a2022-01-05 10:01:23.210root 11241100x80000000000000006955472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c7b955ba0cc0102022-01-05 10:01:23.210root 11241100x80000000000000006955473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db221be0062a16ea2022-01-05 10:01:23.210root 11241100x80000000000000006955474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1dc7f5f8062defd2022-01-05 10:01:23.211root 11241100x80000000000000006955475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70594448a8c50002022-01-05 10:01:23.211root 11241100x80000000000000006955476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540992301c2399152022-01-05 10:01:23.211root 11241100x80000000000000006955477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859e0919cdd969842022-01-05 10:01:23.211root 11241100x80000000000000006955478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7986c0ac1c0751b92022-01-05 10:01:23.211root 11241100x80000000000000006955479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f2a948749b12b32022-01-05 10:01:23.211root 11241100x80000000000000006955480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31081b07c288f8362022-01-05 10:01:23.211root 11241100x80000000000000006955481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bb6bde0b69a6b12022-01-05 10:01:23.211root 11241100x80000000000000006955482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74de3ae336a3a902022-01-05 10:01:23.211root 11241100x80000000000000006955483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8bfc4fa12652d102022-01-05 10:01:23.211root 11241100x80000000000000006955484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e60c89bc93805aa2022-01-05 10:01:23.211root 11241100x80000000000000006955485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8ab51c6f92f8a72022-01-05 10:01:23.211root 11241100x80000000000000006955486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb9fc5dccb6cb872022-01-05 10:01:23.211root 11241100x80000000000000006955487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe28d0db8cc02f5d2022-01-05 10:01:23.211root 11241100x80000000000000006955488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7643de7eb860cd8a2022-01-05 10:01:23.212root 11241100x80000000000000006955489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff5d054d275f7c72022-01-05 10:01:23.212root 11241100x80000000000000006955490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61057f7bf4ff16742022-01-05 10:01:23.212root 11241100x80000000000000006955491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f1497046686fef2022-01-05 10:01:23.212root 11241100x80000000000000006955492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845dc2ea2c0078b32022-01-05 10:01:23.212root 11241100x80000000000000006955493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773035fa6bb810e52022-01-05 10:01:23.710root 11241100x80000000000000006955494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15d92d2edfb86902022-01-05 10:01:23.710root 11241100x80000000000000006955495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798f129339b3a10d2022-01-05 10:01:23.710root 11241100x80000000000000006955496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2e0824f32d12152022-01-05 10:01:23.710root 11241100x80000000000000006955497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f128f32db58985c62022-01-05 10:01:23.710root 11241100x80000000000000006955498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fb5034114c4fe12022-01-05 10:01:23.710root 11241100x80000000000000006955499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee028ffca8e64042022-01-05 10:01:23.710root 11241100x80000000000000006955500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b316b0d5e42d432022-01-05 10:01:23.710root 11241100x80000000000000006955501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dca2d098d70dab2022-01-05 10:01:23.711root 11241100x80000000000000006955502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a389a8e46d323e2022-01-05 10:01:23.711root 11241100x80000000000000006955503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a150e97634cde42022-01-05 10:01:23.711root 11241100x80000000000000006955504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df94b6b64b1ecbc2022-01-05 10:01:23.711root 11241100x80000000000000006955505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217a972aa1a269dc2022-01-05 10:01:23.711root 11241100x80000000000000006955506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712ed70e517e303e2022-01-05 10:01:23.711root 11241100x80000000000000006955507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c643d50a052372ce2022-01-05 10:01:23.711root 11241100x80000000000000006955508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283523b93fefc91d2022-01-05 10:01:23.711root 11241100x80000000000000006955509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf87fb8c43defafc2022-01-05 10:01:23.711root 11241100x80000000000000006955510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad778e1e155308e2022-01-05 10:01:23.711root 11241100x80000000000000006955511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d635d85fd7170c2022-01-05 10:01:23.711root 11241100x80000000000000006955512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79338db92e422ef2022-01-05 10:01:23.711root 11241100x80000000000000006955513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e955d0ac690c97902022-01-05 10:01:23.711root 11241100x80000000000000006955514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc895fe1080f73c2022-01-05 10:01:23.711root 11241100x80000000000000006955515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8716dda7b2ff362022-01-05 10:01:23.712root 11241100x80000000000000006955516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13315b4cf76249f72022-01-05 10:01:23.712root 11241100x80000000000000006955517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed84132af08c84772022-01-05 10:01:23.712root 11241100x80000000000000006955518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2c81ab787f092e2022-01-05 10:01:23.712root 11241100x80000000000000006955519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:23.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33df41ba65a4d532022-01-05 10:01:23.712root 11241100x80000000000000006955520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a706c611caf5192d2022-01-05 10:01:24.210root 11241100x80000000000000006955521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0291e199ba9f4d12022-01-05 10:01:24.210root 11241100x80000000000000006955522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9640bf8657434e662022-01-05 10:01:24.210root 11241100x80000000000000006955523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029f9e336340c5782022-01-05 10:01:24.210root 11241100x80000000000000006955524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3d6ab39fe07f772022-01-05 10:01:24.210root 11241100x80000000000000006955525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd171f69139423302022-01-05 10:01:24.210root 11241100x80000000000000006955526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f872b0c14ddd82062022-01-05 10:01:24.210root 11241100x80000000000000006955527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856e162d7246d9452022-01-05 10:01:24.211root 11241100x80000000000000006955528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6920a343408f482022-01-05 10:01:24.211root 11241100x80000000000000006955529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbcf4168f27437d52022-01-05 10:01:24.211root 11241100x80000000000000006955530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4d07542a44885f2022-01-05 10:01:24.211root 11241100x80000000000000006955531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c651637a5f9fff2022-01-05 10:01:24.211root 11241100x80000000000000006955532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607b3e2fa305d6d92022-01-05 10:01:24.211root 11241100x80000000000000006955533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4969c6b84ef0fc2022-01-05 10:01:24.211root 11241100x80000000000000006955534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57991223f69989f32022-01-05 10:01:24.211root 11241100x80000000000000006955535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2feb34ab567ce12022-01-05 10:01:24.211root 11241100x80000000000000006955536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d77be46e2c5af1e2022-01-05 10:01:24.211root 11241100x80000000000000006955537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1582d592346772082022-01-05 10:01:24.211root 11241100x80000000000000006955538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8fc1f8f570fbc82022-01-05 10:01:24.211root 11241100x80000000000000006955539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819a84397dccd8072022-01-05 10:01:24.211root 11241100x80000000000000006955540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f42cd4d256fdd332022-01-05 10:01:24.212root 11241100x80000000000000006955541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9a5fe715e495812022-01-05 10:01:24.212root 11241100x80000000000000006955542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33ac182b2b4b7f62022-01-05 10:01:24.212root 11241100x80000000000000006955543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6024a78884554b2022-01-05 10:01:24.212root 11241100x80000000000000006955544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88c46436119bd582022-01-05 10:01:24.212root 11241100x80000000000000006955545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68273d5999b67de12022-01-05 10:01:24.212root 11241100x80000000000000006955546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f3619fc80557422022-01-05 10:01:24.212root 11241100x80000000000000006955547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef1b590d146d7c42022-01-05 10:01:24.710root 11241100x80000000000000006955548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e9d609fa6270fe2022-01-05 10:01:24.710root 11241100x80000000000000006955549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0649d1a7217939472022-01-05 10:01:24.710root 11241100x80000000000000006955550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb65a71534deacf2022-01-05 10:01:24.710root 11241100x80000000000000006955551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde37d1b66d48d262022-01-05 10:01:24.710root 11241100x80000000000000006955552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d401f23018d6912022-01-05 10:01:24.711root 11241100x80000000000000006955553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936a9a13c78b313b2022-01-05 10:01:24.711root 11241100x80000000000000006955554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02c9a5518c5d7a12022-01-05 10:01:24.711root 11241100x80000000000000006955555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e919ee6c14b888092022-01-05 10:01:24.711root 11241100x80000000000000006955556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88831f83f0811bc62022-01-05 10:01:24.711root 11241100x80000000000000006955557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891d3fd9122539892022-01-05 10:01:24.711root 11241100x80000000000000006955558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a8bed512ecac262022-01-05 10:01:24.711root 11241100x80000000000000006955559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8533f56581872d2022-01-05 10:01:24.711root 11241100x80000000000000006955560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9af29047ddb963e2022-01-05 10:01:24.711root 11241100x80000000000000006955561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846b55a18df2a76a2022-01-05 10:01:24.711root 11241100x80000000000000006955562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e1c3f4f9e54a842022-01-05 10:01:24.711root 11241100x80000000000000006955563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13375a917dae5862022-01-05 10:01:24.711root 11241100x80000000000000006955564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3732a85b381c9262022-01-05 10:01:24.711root 11241100x80000000000000006955565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01001d409e0869b2022-01-05 10:01:24.711root 11241100x80000000000000006955566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b453add1ea44e6132022-01-05 10:01:24.711root 11241100x80000000000000006955567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a94473dff23fce2022-01-05 10:01:24.712root 11241100x80000000000000006955568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118c7143b82cf7602022-01-05 10:01:24.712root 11241100x80000000000000006955569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234254a1bc07d3ff2022-01-05 10:01:24.712root 11241100x80000000000000006955570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138b42d9a29ae8872022-01-05 10:01:24.712root 11241100x80000000000000006955571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d214b152c173fcfa2022-01-05 10:01:24.712root 11241100x80000000000000006955572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1c39148ca3821e2022-01-05 10:01:24.712root 11241100x80000000000000006955573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:24.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6d40adaddfe7b72022-01-05 10:01:24.712root 11241100x80000000000000006955574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ededa5ef0438ea7f2022-01-05 10:01:25.210root 11241100x80000000000000006955575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2909656e2267fc2022-01-05 10:01:25.210root 11241100x80000000000000006955576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d436cae99ef767b2022-01-05 10:01:25.210root 11241100x80000000000000006955577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffdb10ebe2ea39d2022-01-05 10:01:25.210root 11241100x80000000000000006955578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16559a71e7047f32022-01-05 10:01:25.211root 11241100x80000000000000006955579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befe6039c25ff6722022-01-05 10:01:25.211root 11241100x80000000000000006955580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0327297968f20bb2022-01-05 10:01:25.211root 11241100x80000000000000006955581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48eef5de04e9ba102022-01-05 10:01:25.211root 11241100x80000000000000006955582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa7b2c234e1a7122022-01-05 10:01:25.211root 11241100x80000000000000006955583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6e185f93b08c672022-01-05 10:01:25.211root 11241100x80000000000000006955584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0c3f021f90aa8f2022-01-05 10:01:25.211root 11241100x80000000000000006955585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845b87d29f4347f42022-01-05 10:01:25.211root 11241100x80000000000000006955586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb10900cd4059f52022-01-05 10:01:25.211root 11241100x80000000000000006955587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c80b8b7df56a042022-01-05 10:01:25.211root 11241100x80000000000000006955588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccb88d521e1b2222022-01-05 10:01:25.211root 11241100x80000000000000006955589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c183c8d6fdfa9a12022-01-05 10:01:25.211root 11241100x80000000000000006955590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225a77bc80550bc52022-01-05 10:01:25.211root 11241100x80000000000000006955591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcacc8882d00af12022-01-05 10:01:25.211root 11241100x80000000000000006955592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a800b18060a16c32022-01-05 10:01:25.211root 11241100x80000000000000006955593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85dc9765deb921302022-01-05 10:01:25.212root 11241100x80000000000000006955594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f46ef5bd8d023282022-01-05 10:01:25.212root 11241100x80000000000000006955595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0db22b03340876a2022-01-05 10:01:25.212root 11241100x80000000000000006955596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2392164cbc0bdca2022-01-05 10:01:25.212root 11241100x80000000000000006955597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30df07b319b1158e2022-01-05 10:01:25.212root 11241100x80000000000000006955598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52f1a804a37c1422022-01-05 10:01:25.212root 11241100x80000000000000006955599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81a6980ad8666142022-01-05 10:01:25.212root 11241100x80000000000000006955600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052d0750d8d35f532022-01-05 10:01:25.212root 11241100x80000000000000006955601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40db92a84bd2eb62022-01-05 10:01:25.710root 11241100x80000000000000006955602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34a0a981ed1e2162022-01-05 10:01:25.710root 11241100x80000000000000006955603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce97fe762a3a1912022-01-05 10:01:25.710root 11241100x80000000000000006955604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c43e4e7d61f4b72022-01-05 10:01:25.710root 11241100x80000000000000006955605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04ed2969cc684862022-01-05 10:01:25.710root 11241100x80000000000000006955606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741c0aea03b5bf092022-01-05 10:01:25.711root 11241100x80000000000000006955607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de021ce853720afa2022-01-05 10:01:25.711root 11241100x80000000000000006955608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259c102b02a3241e2022-01-05 10:01:25.711root 11241100x80000000000000006955609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a311fed55370c12022-01-05 10:01:25.711root 11241100x80000000000000006955610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6059e988383574312022-01-05 10:01:25.711root 11241100x80000000000000006955611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96001cf84bbd19c82022-01-05 10:01:25.711root 11241100x80000000000000006955612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bc60cdb56ff9b02022-01-05 10:01:25.711root 11241100x80000000000000006955613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e914bb765ff6bb2022-01-05 10:01:25.711root 11241100x80000000000000006955614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3417f49df7c0bdf62022-01-05 10:01:25.711root 11241100x80000000000000006955615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4138a9725e2cdbba2022-01-05 10:01:25.711root 11241100x80000000000000006955616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3af093746931362022-01-05 10:01:25.711root 11241100x80000000000000006955617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04105cdfb1bc77c92022-01-05 10:01:25.711root 11241100x80000000000000006955618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38aa2dfde1fe0d722022-01-05 10:01:25.711root 11241100x80000000000000006955619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e3a62167a067db2022-01-05 10:01:25.711root 11241100x80000000000000006955620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051c44b5b86300672022-01-05 10:01:25.711root 11241100x80000000000000006955621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9b4582178048642022-01-05 10:01:25.712root 11241100x80000000000000006955622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129d6865b6be72f42022-01-05 10:01:25.712root 11241100x80000000000000006955623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a1c54d1d30dd882022-01-05 10:01:25.712root 11241100x80000000000000006955624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d41672947f24bc32022-01-05 10:01:25.712root 11241100x80000000000000006955625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb68c9bb6ea66fdb2022-01-05 10:01:25.712root 11241100x80000000000000006955626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecf333025f184682022-01-05 10:01:25.712root 11241100x80000000000000006955627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:25.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2482817994f8321f2022-01-05 10:01:25.712root 11241100x80000000000000006955628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bc8b647d8f6a9b2022-01-05 10:01:26.210root 11241100x80000000000000006955629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3078320dc90bf792022-01-05 10:01:26.210root 11241100x80000000000000006955630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d277a80e5dc8a0b2022-01-05 10:01:26.210root 11241100x80000000000000006955631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd30c67066fbb4f2022-01-05 10:01:26.211root 11241100x80000000000000006955632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e966c4dec0a1b82022-01-05 10:01:26.211root 11241100x80000000000000006955633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029f631b861bc29a2022-01-05 10:01:26.211root 11241100x80000000000000006955634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afda9b648cec8522022-01-05 10:01:26.211root 11241100x80000000000000006955635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daceabc371476c012022-01-05 10:01:26.211root 11241100x80000000000000006955636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fcd2fb8d36533622022-01-05 10:01:26.211root 11241100x80000000000000006955637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e077e385a6ec9982022-01-05 10:01:26.211root 11241100x80000000000000006955638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500f6ebb9e7fd8b12022-01-05 10:01:26.211root 11241100x80000000000000006955639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b10817258b38202022-01-05 10:01:26.211root 11241100x80000000000000006955640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df12ae31d55f8a6b2022-01-05 10:01:26.211root 11241100x80000000000000006955641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0915a2227cbbf6002022-01-05 10:01:26.211root 11241100x80000000000000006955642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d02761a4cfe5d12022-01-05 10:01:26.211root 11241100x80000000000000006955643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca805d2058d4e1b2022-01-05 10:01:26.211root 11241100x80000000000000006955644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9754185f90ef7b2022-01-05 10:01:26.211root 11241100x80000000000000006955645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19eed234734b49cb2022-01-05 10:01:26.211root 11241100x80000000000000006955646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf4b4bd643b98552022-01-05 10:01:26.212root 11241100x80000000000000006955647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec203abb96cec04a2022-01-05 10:01:26.212root 11241100x80000000000000006955648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4d6156052288aa2022-01-05 10:01:26.212root 11241100x80000000000000006955649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef100527ae684b4d2022-01-05 10:01:26.212root 11241100x80000000000000006955650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67617e765d7bd472022-01-05 10:01:26.212root 11241100x80000000000000006955651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66cce4046a77ddc2022-01-05 10:01:26.212root 11241100x80000000000000006955652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998b3e31a35416862022-01-05 10:01:26.212root 11241100x80000000000000006955653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cb463c8bf2180e2022-01-05 10:01:26.212root 11241100x80000000000000006955654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f145afd21d125862022-01-05 10:01:26.212root 11241100x80000000000000006955655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b522f88b839303d52022-01-05 10:01:26.710root 11241100x80000000000000006955656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a303c3188d4e70322022-01-05 10:01:26.710root 11241100x80000000000000006955657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162d286d0758ba2f2022-01-05 10:01:26.710root 11241100x80000000000000006955658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a887f7edef8031d2022-01-05 10:01:26.710root 11241100x80000000000000006955659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acaf14465ab82cb02022-01-05 10:01:26.710root 11241100x80000000000000006955660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dccb8605577b692022-01-05 10:01:26.710root 11241100x80000000000000006955661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9dbac70d9c014952022-01-05 10:01:26.710root 11241100x80000000000000006955662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16499cd8ee150b112022-01-05 10:01:26.711root 11241100x80000000000000006955663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57002a5073e94172022-01-05 10:01:26.711root 11241100x80000000000000006955664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bfae7e92e4127f2022-01-05 10:01:26.711root 11241100x80000000000000006955665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447bdfd6806ba8c72022-01-05 10:01:26.711root 11241100x80000000000000006955666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9520975a397fa72022-01-05 10:01:26.711root 11241100x80000000000000006955667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffef10eaaf39bff2022-01-05 10:01:26.711root 11241100x80000000000000006955668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08be1df6b9b042c32022-01-05 10:01:26.711root 11241100x80000000000000006955669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbf8d2d45bd3e4e2022-01-05 10:01:26.711root 11241100x80000000000000006955670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5a60cf5701d1c82022-01-05 10:01:26.711root 11241100x80000000000000006955671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349eabe74154c9442022-01-05 10:01:26.711root 11241100x80000000000000006955672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46eba62efe5ac5242022-01-05 10:01:26.711root 11241100x80000000000000006955673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1d2ed87ced784f2022-01-05 10:01:26.711root 11241100x80000000000000006955674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c7fb6e1e8cc03a2022-01-05 10:01:26.711root 11241100x80000000000000006955675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832a1742b843adb52022-01-05 10:01:26.711root 11241100x80000000000000006955676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f91a8978a5790d12022-01-05 10:01:26.711root 11241100x80000000000000006955677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae9d2c5975e763e2022-01-05 10:01:26.712root 11241100x80000000000000006955678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298fc97d4086a10c2022-01-05 10:01:26.712root 11241100x80000000000000006955679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f577cabc85aa512022-01-05 10:01:26.712root 11241100x80000000000000006955680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b1b6c5f93b93fe2022-01-05 10:01:26.712root 11241100x80000000000000006955681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:26.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0959715ee768d00e2022-01-05 10:01:26.712root 11241100x80000000000000006955682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2832b20be7fc88b2022-01-05 10:01:27.210root 11241100x80000000000000006955683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02711babd78eaf5b2022-01-05 10:01:27.210root 11241100x80000000000000006955684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e5eb5bf75c39a72022-01-05 10:01:27.210root 11241100x80000000000000006955685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ec16f55bd644922022-01-05 10:01:27.210root 11241100x80000000000000006955686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed0d3c1601052362022-01-05 10:01:27.210root 11241100x80000000000000006955687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b23828f2217a7502022-01-05 10:01:27.211root 11241100x80000000000000006955688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68331d6be41b7f9e2022-01-05 10:01:27.211root 11241100x80000000000000006955689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7906a0f88b8a022022-01-05 10:01:27.211root 11241100x80000000000000006955690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b7566321ad2d2e2022-01-05 10:01:27.211root 11241100x80000000000000006955691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8cc3af730a3c792022-01-05 10:01:27.211root 11241100x80000000000000006955692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1a2f6db357f2d22022-01-05 10:01:27.211root 11241100x80000000000000006955693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f6c5ea698a9b8a2022-01-05 10:01:27.211root 11241100x80000000000000006955694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f04861242faf9772022-01-05 10:01:27.211root 11241100x80000000000000006955695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6315c63b5471eb342022-01-05 10:01:27.211root 11241100x80000000000000006955696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5872b2a91a27cbf2022-01-05 10:01:27.211root 11241100x80000000000000006955697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0e03a44e2efcab2022-01-05 10:01:27.211root 11241100x80000000000000006955698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7596f583cc4373062022-01-05 10:01:27.211root 11241100x80000000000000006955699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e2b89ddb18d1682022-01-05 10:01:27.211root 11241100x80000000000000006955700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da62a4f89143a8872022-01-05 10:01:27.212root 11241100x80000000000000006955701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80a0d87880a886372022-01-05 10:01:27.212root 11241100x80000000000000006955702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29e7af01961c87b2022-01-05 10:01:27.212root 11241100x80000000000000006955703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98544c21092863802022-01-05 10:01:27.212root 11241100x80000000000000006955704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafd2fbfe25a14fe2022-01-05 10:01:27.212root 11241100x80000000000000006955705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6a834e0f8e0e8b2022-01-05 10:01:27.212root 11241100x80000000000000006955706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e01e620cf74b6f2022-01-05 10:01:27.212root 11241100x80000000000000006955707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040310691368c9702022-01-05 10:01:27.212root 11241100x80000000000000006955708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a9e342056e42902022-01-05 10:01:27.212root 11241100x80000000000000006955709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d727138071d1dec2022-01-05 10:01:27.710root 11241100x80000000000000006955710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f2ec37ef02154b2022-01-05 10:01:27.710root 11241100x80000000000000006955711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e2ca589e9147032022-01-05 10:01:27.710root 11241100x80000000000000006955712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a99ddccdcfa3fe2022-01-05 10:01:27.710root 11241100x80000000000000006955713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ecc2b7a28ac6c12022-01-05 10:01:27.710root 11241100x80000000000000006955714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b3473b833872a52022-01-05 10:01:27.710root 11241100x80000000000000006955715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b5a19276be30da2022-01-05 10:01:27.710root 11241100x80000000000000006955716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71887ab1ed7fdee12022-01-05 10:01:27.710root 11241100x80000000000000006955717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af24c645d57facc12022-01-05 10:01:27.711root 11241100x80000000000000006955718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e030eb645525c6d2022-01-05 10:01:27.711root 11241100x80000000000000006955719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734c82a132c6c8622022-01-05 10:01:27.711root 11241100x80000000000000006955720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407c1b05a894c07d2022-01-05 10:01:27.711root 11241100x80000000000000006955721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27dedb37351e125f2022-01-05 10:01:27.711root 11241100x80000000000000006955722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ff70634265e3e92022-01-05 10:01:27.711root 11241100x80000000000000006955723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31ebc371a9f11372022-01-05 10:01:27.711root 11241100x80000000000000006955724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccfe55305f217d72022-01-05 10:01:27.711root 11241100x80000000000000006955725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c50e6bb4bb63e4e2022-01-05 10:01:27.711root 11241100x80000000000000006955726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268a76142c1e6a6e2022-01-05 10:01:27.711root 11241100x80000000000000006955727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538d030bac02c5e02022-01-05 10:01:27.711root 11241100x80000000000000006955728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808503178f00a5492022-01-05 10:01:27.711root 11241100x80000000000000006955729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324e64401a5395b52022-01-05 10:01:27.711root 11241100x80000000000000006955730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1627d897b2fa042022-01-05 10:01:27.711root 11241100x80000000000000006955731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45ac2db63d7c5452022-01-05 10:01:27.711root 11241100x80000000000000006955732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7107d7cd9f451b2022-01-05 10:01:27.712root 11241100x80000000000000006955733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9422b654d7702d2022-01-05 10:01:27.712root 11241100x80000000000000006955734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de5ef1474e4ddb22022-01-05 10:01:27.712root 11241100x80000000000000006955735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:27.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80161801ce8858a72022-01-05 10:01:27.712root 354300x80000000000000006955736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.112{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41684-false10.0.1.12-8000- 11241100x80000000000000006955737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1106452e9b499da42022-01-05 10:01:28.113root 11241100x80000000000000006955738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b2ccdf2fb5a1cd2022-01-05 10:01:28.113root 11241100x80000000000000006955739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af7e3e8cc7d014f2022-01-05 10:01:28.113root 11241100x80000000000000006955740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c92bfec2f8555ff2022-01-05 10:01:28.113root 11241100x80000000000000006955741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.113{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fcff2b944dce3f2022-01-05 10:01:28.113root 11241100x80000000000000006955742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c4cd82648cd8392022-01-05 10:01:28.114root 11241100x80000000000000006955743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f509a0ed559a7152022-01-05 10:01:28.114root 11241100x80000000000000006955744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5569d623a71d0f892022-01-05 10:01:28.114root 11241100x80000000000000006955745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157f24627f2dd3592022-01-05 10:01:28.114root 11241100x80000000000000006955746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414978db4acb74e12022-01-05 10:01:28.114root 11241100x80000000000000006955747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.114{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b974fe94408a7b3a2022-01-05 10:01:28.114root 11241100x80000000000000006955748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8725f85f8412c06b2022-01-05 10:01:28.115root 11241100x80000000000000006955749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.115{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577f0d4864ff0cb12022-01-05 10:01:28.115root 11241100x80000000000000006955750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb33d181f23ad0802022-01-05 10:01:28.116root 11241100x80000000000000006955751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945381026ca541d72022-01-05 10:01:28.116root 11241100x80000000000000006955752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0571bc0b2db0de742022-01-05 10:01:28.116root 11241100x80000000000000006955753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.116{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79235f48bf918442022-01-05 10:01:28.116root 11241100x80000000000000006955754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf45b32386c539a2022-01-05 10:01:28.117root 11241100x80000000000000006955755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ae1770dd289fec2022-01-05 10:01:28.117root 11241100x80000000000000006955756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcf88d522b330202022-01-05 10:01:28.117root 11241100x80000000000000006955757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202fb2c7879da0412022-01-05 10:01:28.117root 11241100x80000000000000006955758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fb89f06ec216af2022-01-05 10:01:28.117root 11241100x80000000000000006955759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da02b789e23c91762022-01-05 10:01:28.117root 11241100x80000000000000006955760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0702d11adaf4bcf02022-01-05 10:01:28.117root 11241100x80000000000000006955761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8187fba59a1a45b62022-01-05 10:01:28.117root 11241100x80000000000000006955762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec0753afd0144252022-01-05 10:01:28.117root 11241100x80000000000000006955763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebb4454913184b92022-01-05 10:01:28.117root 11241100x80000000000000006955764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a592305995a00832022-01-05 10:01:28.117root 11241100x80000000000000006955765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924b67ab8a4460992022-01-05 10:01:28.117root 11241100x80000000000000006955766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.117{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322adc1569184c7a2022-01-05 10:01:28.117root 11241100x80000000000000006955767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.118{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e20dbfae7fc50e2022-01-05 10:01:28.118root 11241100x80000000000000006955768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.118{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c0f84ebe3f02632022-01-05 10:01:28.118root 11241100x80000000000000006955769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.118{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61827326218ad6d42022-01-05 10:01:28.118root 11241100x80000000000000006955770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.118{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dfcc805a38dfe62022-01-05 10:01:28.118root 11241100x80000000000000006955771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.118{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d17d1ccc642cbd2022-01-05 10:01:28.118root 11241100x80000000000000006955772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f424719572c49c52022-01-05 10:01:28.460root 11241100x80000000000000006955773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d19781592e95552022-01-05 10:01:28.460root 11241100x80000000000000006955774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef5990aee6560ed2022-01-05 10:01:28.460root 11241100x80000000000000006955775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f5338eb63b2d6c2022-01-05 10:01:28.460root 11241100x80000000000000006955776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72346d7dc589c7272022-01-05 10:01:28.460root 11241100x80000000000000006955777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de8f8a3eeb4ba0b2022-01-05 10:01:28.460root 11241100x80000000000000006955778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6162f5a4da12a92022-01-05 10:01:28.460root 11241100x80000000000000006955779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a13d848bfb2f632022-01-05 10:01:28.461root 11241100x80000000000000006955780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f0157e900c329b2022-01-05 10:01:28.461root 11241100x80000000000000006955781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4393d60acae4aa922022-01-05 10:01:28.461root 11241100x80000000000000006955782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9bb736ca2a49192022-01-05 10:01:28.461root 11241100x80000000000000006955783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa0d3e13f3bce362022-01-05 10:01:28.461root 11241100x80000000000000006955784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845f33d7a46c13a92022-01-05 10:01:28.461root 11241100x80000000000000006955785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b099cf30a1097f0e2022-01-05 10:01:28.461root 11241100x80000000000000006955786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b566758f09b44c2022-01-05 10:01:28.461root 11241100x80000000000000006955787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd29b60de78890ee2022-01-05 10:01:28.461root 11241100x80000000000000006955788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0922f83690fa3bd62022-01-05 10:01:28.462root 11241100x80000000000000006955789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd9b27c177fbc2f2022-01-05 10:01:28.462root 11241100x80000000000000006955790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516ca1791512a4a32022-01-05 10:01:28.462root 11241100x80000000000000006955791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a203614fd643cd2022-01-05 10:01:28.462root 11241100x80000000000000006955792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428eb9bb5333d0b02022-01-05 10:01:28.462root 11241100x80000000000000006955793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e23eb49b8b7e3422022-01-05 10:01:28.463root 11241100x80000000000000006955794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a618bf3afed315842022-01-05 10:01:28.463root 11241100x80000000000000006955795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e6286cbe3063322022-01-05 10:01:28.463root 11241100x80000000000000006955796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b10285f3d1e3d562022-01-05 10:01:28.463root 11241100x80000000000000006955797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69216542d2ad46e32022-01-05 10:01:28.463root 11241100x80000000000000006955798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab50b0ef49610b02022-01-05 10:01:28.463root 11241100x80000000000000006955799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8a419a5bce82982022-01-05 10:01:28.463root 11241100x80000000000000006955800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82433e137803ac62022-01-05 10:01:28.959root 11241100x80000000000000006955801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27466b1ff42c2c312022-01-05 10:01:28.959root 11241100x80000000000000006955802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b054614ec21f4a62022-01-05 10:01:28.959root 11241100x80000000000000006955803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c50849f6959ffef2022-01-05 10:01:28.959root 11241100x80000000000000006955804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783c8bb0cc4721252022-01-05 10:01:28.959root 11241100x80000000000000006955805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9b574bf508e3392022-01-05 10:01:28.960root 11241100x80000000000000006955806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbca38968f80b392022-01-05 10:01:28.960root 11241100x80000000000000006955807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6c4f3414b00ee92022-01-05 10:01:28.960root 11241100x80000000000000006955808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe71219d84678982022-01-05 10:01:28.960root 11241100x80000000000000006955809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25fcda73dfc770e2022-01-05 10:01:28.960root 11241100x80000000000000006955810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa4c865ea6b95a82022-01-05 10:01:28.960root 11241100x80000000000000006955811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2bcbdc774ead502022-01-05 10:01:28.960root 11241100x80000000000000006955812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24209d3f38d188d2022-01-05 10:01:28.960root 11241100x80000000000000006955813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0044b8791f7d7aa72022-01-05 10:01:28.960root 11241100x80000000000000006955814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299a9994fecacd942022-01-05 10:01:28.960root 11241100x80000000000000006955815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2facd47c66c56ea42022-01-05 10:01:28.960root 11241100x80000000000000006955816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdcb98092442a1d2022-01-05 10:01:28.960root 11241100x80000000000000006955817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6144dbe22d9d462022-01-05 10:01:28.960root 11241100x80000000000000006955818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f0b814c62efa9c2022-01-05 10:01:28.960root 11241100x80000000000000006955819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33579eb559ded7802022-01-05 10:01:28.960root 11241100x80000000000000006955820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb3b621a48b1c682022-01-05 10:01:28.960root 11241100x80000000000000006955821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d493f15665aae75c2022-01-05 10:01:28.961root 11241100x80000000000000006955822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cad1f37522e8afc2022-01-05 10:01:28.961root 11241100x80000000000000006955823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c3cfd61da0ad762022-01-05 10:01:28.961root 11241100x80000000000000006955824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c610dff396991cb12022-01-05 10:01:28.961root 11241100x80000000000000006955825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37ebb82ca2f4af12022-01-05 10:01:28.961root 11241100x80000000000000006955826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da21788405d49e772022-01-05 10:01:28.961root 11241100x80000000000000006955827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62206777a1cabb62022-01-05 10:01:28.961root 11241100x80000000000000006955828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:28.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5156577bf63c2e892022-01-05 10:01:28.961root 11241100x80000000000000006955829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.221{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 10:01:29.221root 11241100x80000000000000006955830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8862dfd2224bca02022-01-05 10:01:29.222root 11241100x80000000000000006955831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803f1ec412b9e2f42022-01-05 10:01:29.222root 11241100x80000000000000006955832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7accb04b12e4c4c2022-01-05 10:01:29.222root 11241100x80000000000000006955833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab18db4f10d372562022-01-05 10:01:29.222root 11241100x80000000000000006955834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b8871a0d4e446a2022-01-05 10:01:29.222root 11241100x80000000000000006955835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c32674157a73102022-01-05 10:01:29.223root 11241100x80000000000000006955836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4aabe1681fbbc72022-01-05 10:01:29.223root 11241100x80000000000000006955837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2766aec5b0e390742022-01-05 10:01:29.223root 11241100x80000000000000006955838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ef0de6013c5e402022-01-05 10:01:29.223root 11241100x80000000000000006955839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0303425869f1ae742022-01-05 10:01:29.223root 11241100x80000000000000006955840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4783f5efe2f9ce8d2022-01-05 10:01:29.223root 11241100x80000000000000006955841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e8a9b091699d872022-01-05 10:01:29.223root 11241100x80000000000000006955842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5615d2e3043f4d102022-01-05 10:01:29.223root 11241100x80000000000000006955843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4582826d89caa16a2022-01-05 10:01:29.223root 11241100x80000000000000006955844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67217758d7d3f1ab2022-01-05 10:01:29.223root 11241100x80000000000000006955845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d08a5f91b84072a2022-01-05 10:01:29.223root 11241100x80000000000000006955846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9549ae6a6d0074d2022-01-05 10:01:29.223root 11241100x80000000000000006955847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34d996495d62e672022-01-05 10:01:29.223root 11241100x80000000000000006955848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44370cfc9c31b6cb2022-01-05 10:01:29.223root 11241100x80000000000000006955849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b73226083fbada62022-01-05 10:01:29.224root 11241100x80000000000000006955850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff219e27a223010e2022-01-05 10:01:29.224root 11241100x80000000000000006955851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8292401b215b74922022-01-05 10:01:29.224root 11241100x80000000000000006955852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f5b3f1a12114132022-01-05 10:01:29.224root 11241100x80000000000000006955853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c280c422d587f7632022-01-05 10:01:29.224root 11241100x80000000000000006955854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d167b86ba07e8f52022-01-05 10:01:29.224root 11241100x80000000000000006955855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0795655d2f2c57132022-01-05 10:01:29.224root 11241100x80000000000000006955856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1647e0dfd22c87622022-01-05 10:01:29.224root 11241100x80000000000000006955857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f980a978996cee22022-01-05 10:01:29.224root 11241100x80000000000000006955858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7efb302be6bf632022-01-05 10:01:29.224root 11241100x80000000000000006955859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9b1bcf739fa7d32022-01-05 10:01:29.224root 11241100x80000000000000006955860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476eaf91f6a9e6032022-01-05 10:01:29.224root 11241100x80000000000000006955861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db81ac665cabc99a2022-01-05 10:01:29.710root 11241100x80000000000000006955862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9add5fad6c14fc02022-01-05 10:01:29.711root 11241100x80000000000000006955863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378a8c5e0ce49fae2022-01-05 10:01:29.711root 11241100x80000000000000006955864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1977cfa6441a08e62022-01-05 10:01:29.712root 11241100x80000000000000006955865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbbeb17e5f22fb72022-01-05 10:01:29.712root 11241100x80000000000000006955866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1278a958d2c97c02022-01-05 10:01:29.712root 11241100x80000000000000006955867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eef91fb3f81ed4f2022-01-05 10:01:29.713root 11241100x80000000000000006955868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6c295102810fe62022-01-05 10:01:29.713root 11241100x80000000000000006955869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b594915f0e7931ab2022-01-05 10:01:29.713root 11241100x80000000000000006955870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb46f4e837db8a892022-01-05 10:01:29.713root 11241100x80000000000000006955871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7665a6707daab6dc2022-01-05 10:01:29.713root 11241100x80000000000000006955872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defeb7f02e70ccdb2022-01-05 10:01:29.713root 11241100x80000000000000006955873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdd19b34a0cdf842022-01-05 10:01:29.713root 11241100x80000000000000006955874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85832bf2c533a5602022-01-05 10:01:29.713root 11241100x80000000000000006955875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86de6bc388653d7f2022-01-05 10:01:29.713root 11241100x80000000000000006955876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d642012fa7af9b652022-01-05 10:01:29.714root 11241100x80000000000000006955877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd3932275688ea42022-01-05 10:01:29.714root 11241100x80000000000000006955878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3d0798fb4afb932022-01-05 10:01:29.714root 11241100x80000000000000006955879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b35506da1d115872022-01-05 10:01:29.714root 11241100x80000000000000006955880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706471fbc189adc92022-01-05 10:01:29.714root 11241100x80000000000000006955881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2e6c3a972f43732022-01-05 10:01:29.714root 11241100x80000000000000006955882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6709f93c5dc11f692022-01-05 10:01:29.714root 11241100x80000000000000006955883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c179787ea95fe98a2022-01-05 10:01:29.714root 11241100x80000000000000006955884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870ee103e863de162022-01-05 10:01:29.714root 11241100x80000000000000006955885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9835a7ee9035ec522022-01-05 10:01:29.714root 11241100x80000000000000006955886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941007c1aa4cc1c12022-01-05 10:01:29.714root 11241100x80000000000000006955887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3c295d2ffdbf4b2022-01-05 10:01:29.714root 11241100x80000000000000006955888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fcd947232cc5722022-01-05 10:01:29.714root 11241100x80000000000000006955889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:29.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79ed1251cc4a9272022-01-05 10:01:29.714root 11241100x80000000000000006955890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c3c61ef9d89ea52022-01-05 10:01:30.210root 11241100x80000000000000006955891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f643debc5fb8a1022022-01-05 10:01:30.210root 11241100x80000000000000006955892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81c74e64658867c2022-01-05 10:01:30.210root 11241100x80000000000000006955893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19dede5f9dbef23d2022-01-05 10:01:30.210root 11241100x80000000000000006955894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b79908681580d42022-01-05 10:01:30.211root 11241100x80000000000000006955895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184663d25ac7fceb2022-01-05 10:01:30.211root 11241100x80000000000000006955896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcae35c3fece1abb2022-01-05 10:01:30.211root 11241100x80000000000000006955897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373eb0c4f99b17752022-01-05 10:01:30.211root 11241100x80000000000000006955898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c216ba43e6a77b122022-01-05 10:01:30.211root 11241100x80000000000000006955899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8426969275931eac2022-01-05 10:01:30.211root 11241100x80000000000000006955900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc69dace0f2aed982022-01-05 10:01:30.211root 11241100x80000000000000006955901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d784292a98fb3732022-01-05 10:01:30.211root 11241100x80000000000000006955902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8333cc521787232022-01-05 10:01:30.211root 11241100x80000000000000006955903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c5212bb41b91072022-01-05 10:01:30.211root 11241100x80000000000000006955904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8214f82145ba3b7d2022-01-05 10:01:30.211root 11241100x80000000000000006955905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010b7ae40131c6b02022-01-05 10:01:30.211root 11241100x80000000000000006955906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f123e818a08c0f92022-01-05 10:01:30.211root 11241100x80000000000000006955907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378e5776f534a4d52022-01-05 10:01:30.211root 11241100x80000000000000006955908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a074abe938a78a642022-01-05 10:01:30.211root 11241100x80000000000000006955909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77610801892429592022-01-05 10:01:30.212root 11241100x80000000000000006955910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99232fb350c45f232022-01-05 10:01:30.212root 11241100x80000000000000006955911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80d70e27e4cc5532022-01-05 10:01:30.212root 11241100x80000000000000006955912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b210cab8911764b2022-01-05 10:01:30.212root 11241100x80000000000000006955913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2cdfd8835a342d2022-01-05 10:01:30.212root 11241100x80000000000000006955914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9171a14ce48d332022-01-05 10:01:30.212root 11241100x80000000000000006955915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8980997a9a4329612022-01-05 10:01:30.212root 11241100x80000000000000006955916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5283674e02dae3202022-01-05 10:01:30.212root 11241100x80000000000000006955917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dacc1fb3da5d4d242022-01-05 10:01:30.212root 11241100x80000000000000006955918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8adf5f228e8cabc2022-01-05 10:01:30.212root 11241100x80000000000000006955919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbaf1f94ced74822022-01-05 10:01:30.710root 11241100x80000000000000006955920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7fb25ce4c6b4252022-01-05 10:01:30.710root 11241100x80000000000000006955921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd32247e03482dd12022-01-05 10:01:30.711root 11241100x80000000000000006955922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c75de4d672042042022-01-05 10:01:30.711root 11241100x80000000000000006955923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394e3ba10ae46ea92022-01-05 10:01:30.711root 11241100x80000000000000006955924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18ad74b469afa6d2022-01-05 10:01:30.711root 11241100x80000000000000006955925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66eb14a1515a1562022-01-05 10:01:30.711root 11241100x80000000000000006955926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09740935ce4bfbf12022-01-05 10:01:30.711root 11241100x80000000000000006955927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e3accbfa4d04be2022-01-05 10:01:30.711root 11241100x80000000000000006955928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8db21fb607d1f232022-01-05 10:01:30.712root 11241100x80000000000000006955929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a8bbd0c27614082022-01-05 10:01:30.712root 11241100x80000000000000006955930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf148152c0e287f2022-01-05 10:01:30.712root 11241100x80000000000000006955931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0ca5d7b539044f2022-01-05 10:01:30.712root 11241100x80000000000000006955932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcab0ce164f83d32022-01-05 10:01:30.712root 11241100x80000000000000006955933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a514f997cea60ce72022-01-05 10:01:30.712root 11241100x80000000000000006955934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b0bba7444e77e22022-01-05 10:01:30.712root 11241100x80000000000000006955935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07d815b44f25f272022-01-05 10:01:30.712root 11241100x80000000000000006955936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4c507d265e42e82022-01-05 10:01:30.712root 11241100x80000000000000006955937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d13415ccab835f2022-01-05 10:01:30.713root 11241100x80000000000000006955938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f272c653df3d45672022-01-05 10:01:30.713root 11241100x80000000000000006955939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac80dffd2028ab52022-01-05 10:01:30.713root 11241100x80000000000000006955940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27da0ea373a5b1c92022-01-05 10:01:30.713root 11241100x80000000000000006955941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3dbf1f1b567bac2022-01-05 10:01:30.713root 11241100x80000000000000006955942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f2a78d8084d4d02022-01-05 10:01:30.713root 11241100x80000000000000006955943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70519ebe42c6c4c92022-01-05 10:01:30.713root 11241100x80000000000000006955944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20f5f4e801ba1992022-01-05 10:01:30.713root 11241100x80000000000000006955945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb045eceb97e9932022-01-05 10:01:30.713root 11241100x80000000000000006955946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b192d61b764bb02022-01-05 10:01:30.713root 11241100x80000000000000006955947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:30.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7257b64a125719692022-01-05 10:01:30.714root 11241100x80000000000000006955948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6b178b1bfb965b2022-01-05 10:01:31.210root 11241100x80000000000000006955949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee90d3b8db1ef2bf2022-01-05 10:01:31.210root 11241100x80000000000000006955950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9226727af52b342022-01-05 10:01:31.210root 11241100x80000000000000006955951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0640f4c9028bf02022-01-05 10:01:31.210root 11241100x80000000000000006955952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4270863ba25d95a2022-01-05 10:01:31.210root 11241100x80000000000000006955953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9e0b1cff6b4cdf2022-01-05 10:01:31.210root 11241100x80000000000000006955954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9243c6545ee3ffbd2022-01-05 10:01:31.211root 11241100x80000000000000006955955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742220ba55df2b5f2022-01-05 10:01:31.211root 11241100x80000000000000006955956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8180fa56fbb1a4f02022-01-05 10:01:31.211root 11241100x80000000000000006955957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b032e97bdeeef512022-01-05 10:01:31.211root 11241100x80000000000000006955958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0264dc10f00c28512022-01-05 10:01:31.211root 11241100x80000000000000006955959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3050cf6742481c5b2022-01-05 10:01:31.211root 11241100x80000000000000006955960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a02f31b242f91e12022-01-05 10:01:31.211root 11241100x80000000000000006955961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb3f3d61c0ccd4b2022-01-05 10:01:31.211root 11241100x80000000000000006955962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd760325ec8298e2022-01-05 10:01:31.211root 11241100x80000000000000006955963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153ae386433342922022-01-05 10:01:31.211root 11241100x80000000000000006955964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cd3a9f438035082022-01-05 10:01:31.211root 11241100x80000000000000006955965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c22507436a482f82022-01-05 10:01:31.211root 11241100x80000000000000006955966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53230889e7cbc0c2022-01-05 10:01:31.211root 11241100x80000000000000006955967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac76fa5363bc52092022-01-05 10:01:31.211root 11241100x80000000000000006955968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960286b33a2fc4692022-01-05 10:01:31.211root 11241100x80000000000000006955969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9c7a17ba11fda42022-01-05 10:01:31.211root 11241100x80000000000000006955970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e5fb715dc8b9db2022-01-05 10:01:31.212root 11241100x80000000000000006955971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095d56cc643ea3c42022-01-05 10:01:31.212root 11241100x80000000000000006955972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c5bec22532f7522022-01-05 10:01:31.212root 11241100x80000000000000006955973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b027fc5c17ba7cc02022-01-05 10:01:31.212root 11241100x80000000000000006955974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e2e47a065f397c2022-01-05 10:01:31.212root 11241100x80000000000000006955975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da5d18ce5ba4f852022-01-05 10:01:31.212root 11241100x80000000000000006955976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615aca8fc23f24482022-01-05 10:01:31.212root 11241100x80000000000000006955977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb34580fce999a432022-01-05 10:01:31.710root 11241100x80000000000000006955978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8858fa64535d28e22022-01-05 10:01:31.710root 11241100x80000000000000006955979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523a330c47888e7a2022-01-05 10:01:31.710root 11241100x80000000000000006955980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5b93baf85ab9cf2022-01-05 10:01:31.710root 11241100x80000000000000006955981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbb25631291eed92022-01-05 10:01:31.710root 11241100x80000000000000006955982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879380ab8bcce83d2022-01-05 10:01:31.710root 11241100x80000000000000006955983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587bc8097f9984452022-01-05 10:01:31.711root 11241100x80000000000000006955984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e5249f1f370e652022-01-05 10:01:31.711root 11241100x80000000000000006955985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7895327858beb42c2022-01-05 10:01:31.711root 11241100x80000000000000006955986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1bbb55670284782022-01-05 10:01:31.711root 11241100x80000000000000006955987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c060cd3a99a0297a2022-01-05 10:01:31.711root 11241100x80000000000000006955988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d422cb593923d4c42022-01-05 10:01:31.711root 11241100x80000000000000006955989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22e47103bf652af2022-01-05 10:01:31.711root 11241100x80000000000000006955990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9b2ce885f7d3b22022-01-05 10:01:31.711root 11241100x80000000000000006955991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afdb9ad8c92c8ca2022-01-05 10:01:31.711root 11241100x80000000000000006955992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dabceef762f6222022-01-05 10:01:31.711root 11241100x80000000000000006955993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b830cbd76c52b92022-01-05 10:01:31.711root 11241100x80000000000000006955994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9f7055e51551522022-01-05 10:01:31.711root 11241100x80000000000000006955995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68146965a3625342022-01-05 10:01:31.711root 11241100x80000000000000006955996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993f89276576e4dd2022-01-05 10:01:31.711root 11241100x80000000000000006955997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a947a63f14270be2022-01-05 10:01:31.711root 11241100x80000000000000006955998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a750d331bb7987ed2022-01-05 10:01:31.711root 11241100x80000000000000006955999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc884281764285d72022-01-05 10:01:31.712root 11241100x80000000000000006956000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87d3c07660380522022-01-05 10:01:31.712root 11241100x80000000000000006956001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c3ce1dccc860d42022-01-05 10:01:31.712root 11241100x80000000000000006956002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2bf0fe745fce152022-01-05 10:01:31.712root 11241100x80000000000000006956003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4458b2cb6118e942022-01-05 10:01:31.712root 11241100x80000000000000006956004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57a70aaad692c5b2022-01-05 10:01:31.712root 11241100x80000000000000006956005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:31.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ef7c084cefa51c2022-01-05 10:01:31.712root 11241100x80000000000000006956006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519e7f978ce20dab2022-01-05 10:01:32.210root 11241100x80000000000000006956007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76089d0077c47282022-01-05 10:01:32.210root 11241100x80000000000000006956008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf36c92c7a1e6c752022-01-05 10:01:32.210root 11241100x80000000000000006956009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce41767cb52192d2022-01-05 10:01:32.210root 11241100x80000000000000006956010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4c0472e855616d2022-01-05 10:01:32.210root 11241100x80000000000000006956011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1bd0948bd5d67b2022-01-05 10:01:32.210root 11241100x80000000000000006956012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838355ad5afec6372022-01-05 10:01:32.211root 11241100x80000000000000006956013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d25dac5e76bebbf2022-01-05 10:01:32.211root 11241100x80000000000000006956014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33847da892e1737b2022-01-05 10:01:32.211root 11241100x80000000000000006956015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d609f9862c49a4b62022-01-05 10:01:32.211root 11241100x80000000000000006956016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1effaa0bd98774c62022-01-05 10:01:32.211root 11241100x80000000000000006956017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0632fe209bdc2f2022-01-05 10:01:32.211root 11241100x80000000000000006956018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a561e0e2c41e7a7e2022-01-05 10:01:32.211root 11241100x80000000000000006956019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5677c788656c73b2022-01-05 10:01:32.211root 11241100x80000000000000006956020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084690a2bc4dee1d2022-01-05 10:01:32.211root 11241100x80000000000000006956021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e8b25ad6c233a62022-01-05 10:01:32.211root 11241100x80000000000000006956022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d342a376e3592a9f2022-01-05 10:01:32.211root 11241100x80000000000000006956023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058d7c80315741f42022-01-05 10:01:32.211root 11241100x80000000000000006956024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c412474d3017ce2022-01-05 10:01:32.212root 11241100x80000000000000006956025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac5d5b06fd430eb2022-01-05 10:01:32.212root 11241100x80000000000000006956026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7b5710d96ec9d92022-01-05 10:01:32.212root 11241100x80000000000000006956027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e657bee5dbd30ec52022-01-05 10:01:32.212root 11241100x80000000000000006956028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51780ad92d8e9352022-01-05 10:01:32.212root 11241100x80000000000000006956029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560c32d0fff6d46d2022-01-05 10:01:32.212root 11241100x80000000000000006956030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58603af91f170512022-01-05 10:01:32.212root 11241100x80000000000000006956031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5550fcee4040fc2022-01-05 10:01:32.212root 11241100x80000000000000006956032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b559892b4fdb16d52022-01-05 10:01:32.212root 11241100x80000000000000006956033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292024727849fc092022-01-05 10:01:32.212root 11241100x80000000000000006956034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59a50a04947375d2022-01-05 10:01:32.212root 23542300x80000000000000006956035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.223{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006956036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2112f6e391eecd2022-01-05 10:01:32.710root 11241100x80000000000000006956037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19977eb7b36feaf62022-01-05 10:01:32.710root 11241100x80000000000000006956038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74713620da3b90ec2022-01-05 10:01:32.710root 11241100x80000000000000006956039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0e5501dd34f0652022-01-05 10:01:32.710root 11241100x80000000000000006956040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496c1037841597b32022-01-05 10:01:32.711root 11241100x80000000000000006956041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5ad9783297c9702022-01-05 10:01:32.711root 11241100x80000000000000006956042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006e24c9e9ab50662022-01-05 10:01:32.711root 11241100x80000000000000006956043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df9def772fe95572022-01-05 10:01:32.711root 11241100x80000000000000006956044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a67e240ead673bf2022-01-05 10:01:32.711root 11241100x80000000000000006956045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b51465d2faba5d02022-01-05 10:01:32.711root 11241100x80000000000000006956046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cf77ddd5dc46762022-01-05 10:01:32.711root 11241100x80000000000000006956047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bd09e54ae375262022-01-05 10:01:32.711root 11241100x80000000000000006956048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15c7903e7f377292022-01-05 10:01:32.711root 11241100x80000000000000006956049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8049825675e6522022-01-05 10:01:32.711root 11241100x80000000000000006956050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12f64ff7a62d42e2022-01-05 10:01:32.711root 11241100x80000000000000006956051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd871ab5e433be32022-01-05 10:01:32.711root 11241100x80000000000000006956052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973a4cbe8acba3652022-01-05 10:01:32.712root 11241100x80000000000000006956053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13341db97ab8bfd2022-01-05 10:01:32.712root 11241100x80000000000000006956054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e13893bb28440b22022-01-05 10:01:32.712root 11241100x80000000000000006956055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69401d3650219e582022-01-05 10:01:32.712root 11241100x80000000000000006956056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e164b3e45ffc082022-01-05 10:01:32.712root 11241100x80000000000000006956057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc69ec67acbb1a1b2022-01-05 10:01:32.712root 11241100x80000000000000006956058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1190c9e9821028842022-01-05 10:01:32.712root 11241100x80000000000000006956059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6ee3180460825d2022-01-05 10:01:32.712root 11241100x80000000000000006956060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49d07328dbac4192022-01-05 10:01:32.712root 11241100x80000000000000006956061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76be298a3ff4eb82022-01-05 10:01:32.712root 11241100x80000000000000006956062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0511162e8d65e022022-01-05 10:01:32.712root 11241100x80000000000000006956063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6364483ebd14df4e2022-01-05 10:01:32.712root 11241100x80000000000000006956064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c306642f6cf34282022-01-05 10:01:32.712root 11241100x80000000000000006956065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:32.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9695b7ed379fcbae2022-01-05 10:01:32.712root 11241100x80000000000000006956066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5e5be27c27032b2022-01-05 10:01:33.210root 11241100x80000000000000006956067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a03954493ba7972022-01-05 10:01:33.210root 11241100x80000000000000006956068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2615d809848a995b2022-01-05 10:01:33.210root 11241100x80000000000000006956069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e6b1e84cede2c92022-01-05 10:01:33.210root 11241100x80000000000000006956070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb3277f48edb1562022-01-05 10:01:33.210root 11241100x80000000000000006956071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe1a11e2b136b602022-01-05 10:01:33.211root 11241100x80000000000000006956072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1863defafa6883e2022-01-05 10:01:33.211root 11241100x80000000000000006956073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b4c35644662d3a2022-01-05 10:01:33.211root 11241100x80000000000000006956074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fc6cfb11825f562022-01-05 10:01:33.211root 11241100x80000000000000006956075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440afb6fe352310b2022-01-05 10:01:33.211root 11241100x80000000000000006956076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb355ecdc816fae2022-01-05 10:01:33.211root 11241100x80000000000000006956077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581da1394e4a14392022-01-05 10:01:33.211root 11241100x80000000000000006956078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f2106de096d91f2022-01-05 10:01:33.211root 11241100x80000000000000006956079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d935e568d385592022-01-05 10:01:33.211root 11241100x80000000000000006956080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4a59b17b28fa502022-01-05 10:01:33.211root 11241100x80000000000000006956081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd0f33c40b319632022-01-05 10:01:33.211root 11241100x80000000000000006956082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d711f3f401abb312022-01-05 10:01:33.211root 11241100x80000000000000006956083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69854fb65bf8515a2022-01-05 10:01:33.211root 11241100x80000000000000006956084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67ddb24acba8a3e2022-01-05 10:01:33.211root 11241100x80000000000000006956085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8b6d7cece9bb592022-01-05 10:01:33.211root 11241100x80000000000000006956086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9656d7c00a9f7c622022-01-05 10:01:33.211root 11241100x80000000000000006956087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59766ad4044e1b3f2022-01-05 10:01:33.212root 11241100x80000000000000006956088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c90b67df3a63502022-01-05 10:01:33.212root 11241100x80000000000000006956089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f536345ebb68d9922022-01-05 10:01:33.212root 11241100x80000000000000006956090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899b46eab6843f362022-01-05 10:01:33.212root 11241100x80000000000000006956091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c812f04a4b80def2022-01-05 10:01:33.212root 11241100x80000000000000006956092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbff0030ebb808992022-01-05 10:01:33.212root 11241100x80000000000000006956093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e92d94ffb542cd2022-01-05 10:01:33.213root 11241100x80000000000000006956094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e909d15e2cd5d2b62022-01-05 10:01:33.213root 11241100x80000000000000006956095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ad5a2af0a10c3c2022-01-05 10:01:33.213root 11241100x80000000000000006956096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4072b7a62cd2d7d2022-01-05 10:01:33.709root 11241100x80000000000000006956097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b85a72b70c1ac02022-01-05 10:01:33.709root 11241100x80000000000000006956098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd0c62c50d3b4532022-01-05 10:01:33.710root 11241100x80000000000000006956099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1334d333ffa4f7002022-01-05 10:01:33.710root 11241100x80000000000000006956100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72321df32fbcb222022-01-05 10:01:33.710root 11241100x80000000000000006956101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c4e1f8a15a35002022-01-05 10:01:33.710root 11241100x80000000000000006956102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb38f040ef9e68282022-01-05 10:01:33.710root 11241100x80000000000000006956103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1d991fe98fe7942022-01-05 10:01:33.711root 11241100x80000000000000006956104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91427e26f2321ddb2022-01-05 10:01:33.711root 11241100x80000000000000006956105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de49c023a993c262022-01-05 10:01:33.711root 11241100x80000000000000006956106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23e8abbe121473b2022-01-05 10:01:33.711root 11241100x80000000000000006956107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3890b0c35f4224b42022-01-05 10:01:33.711root 11241100x80000000000000006956108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4601a07f1f8c35352022-01-05 10:01:33.711root 11241100x80000000000000006956109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6f29c68a9a1d6e2022-01-05 10:01:33.711root 11241100x80000000000000006956110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cbe396d98d362e2022-01-05 10:01:33.712root 11241100x80000000000000006956111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88a27e3b525ab1e2022-01-05 10:01:33.712root 11241100x80000000000000006956112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3a1d5a08075c572022-01-05 10:01:33.712root 11241100x80000000000000006956113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c5edf2a4c952322022-01-05 10:01:33.712root 11241100x80000000000000006956114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8313124b44ff6df2022-01-05 10:01:33.712root 11241100x80000000000000006956115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2829ed21fe10208f2022-01-05 10:01:33.712root 11241100x80000000000000006956116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8bcc9b80268a832022-01-05 10:01:33.712root 11241100x80000000000000006956117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116f93934471fb672022-01-05 10:01:33.712root 11241100x80000000000000006956118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ab0fa11eaf26322022-01-05 10:01:33.712root 11241100x80000000000000006956119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f273a6cf8a9b8f682022-01-05 10:01:33.712root 11241100x80000000000000006956120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9f36303464c64f2022-01-05 10:01:33.713root 11241100x80000000000000006956121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19eb7ab1d0f46c892022-01-05 10:01:33.713root 11241100x80000000000000006956122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0528c9f602d8a7672022-01-05 10:01:33.713root 11241100x80000000000000006956123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb673b746d520002022-01-05 10:01:33.715root 11241100x80000000000000006956124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c5903c307cfd262022-01-05 10:01:33.715root 11241100x80000000000000006956125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558b242bb8775f312022-01-05 10:01:33.715root 11241100x80000000000000006956126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b929c3de1512f0722022-01-05 10:01:33.715root 11241100x80000000000000006956127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8690a613601e39862022-01-05 10:01:33.715root 11241100x80000000000000006956128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131350c0155bbbc92022-01-05 10:01:33.716root 354300x80000000000000006956129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:33.724{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42166-false10.0.1.12-8089- 354300x80000000000000006956130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.061{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41688-false10.0.1.12-8000- 11241100x80000000000000006956131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ebd1799cbc0f2f2022-01-05 10:01:34.062root 11241100x80000000000000006956132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8b5b2ef710a2192022-01-05 10:01:34.062root 11241100x80000000000000006956133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1003ec03a630623b2022-01-05 10:01:34.062root 11241100x80000000000000006956134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506d6946d416e4302022-01-05 10:01:34.062root 11241100x80000000000000006956135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af4320c9fc6083b2022-01-05 10:01:34.062root 11241100x80000000000000006956136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52898cea7a019ee2022-01-05 10:01:34.062root 11241100x80000000000000006956137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.062{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0433ff9512559342022-01-05 10:01:34.062root 11241100x80000000000000006956138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.063{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10146d7a75c2f3202022-01-05 10:01:34.063root 11241100x80000000000000006956139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.063{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0567e86e93823ddf2022-01-05 10:01:34.063root 11241100x80000000000000006956140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.063{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613b8810cac0581e2022-01-05 10:01:34.063root 11241100x80000000000000006956141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.063{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5d2c02dae785882022-01-05 10:01:34.063root 11241100x80000000000000006956142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.063{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c74adbe76ac4d392022-01-05 10:01:34.063root 11241100x80000000000000006956143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.063{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38886e33eeaadda2022-01-05 10:01:34.063root 11241100x80000000000000006956144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.063{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bfbf15547d98bf2022-01-05 10:01:34.063root 11241100x80000000000000006956145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.063{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5b88a9b250d3b52022-01-05 10:01:34.063root 11241100x80000000000000006956146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.063{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769416e6e928c7532022-01-05 10:01:34.063root 11241100x80000000000000006956147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.063{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c8107a67d0d54b2022-01-05 10:01:34.063root 11241100x80000000000000006956148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.064{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687522de3a9c3e162022-01-05 10:01:34.064root 11241100x80000000000000006956149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.064{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb9407102e64e162022-01-05 10:01:34.064root 11241100x80000000000000006956150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.064{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81f2af32b2128f32022-01-05 10:01:34.064root 11241100x80000000000000006956151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.064{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8611c17cd517b5b12022-01-05 10:01:34.064root 11241100x80000000000000006956152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.064{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0385eb66fec82012022-01-05 10:01:34.064root 11241100x80000000000000006956153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b27ae9881cada12022-01-05 10:01:34.065root 11241100x80000000000000006956154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680bfa17f934d8db2022-01-05 10:01:34.065root 11241100x80000000000000006956155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca7fde6c98934c32022-01-05 10:01:34.065root 11241100x80000000000000006956156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c55052cc2f72102022-01-05 10:01:34.065root 11241100x80000000000000006956157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8aa80d5fd3147de2022-01-05 10:01:34.065root 11241100x80000000000000006956158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598ba8b734600f382022-01-05 10:01:34.065root 11241100x80000000000000006956159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749d8bf9441266742022-01-05 10:01:34.065root 11241100x80000000000000006956160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdc9a20c85412b02022-01-05 10:01:34.065root 11241100x80000000000000006956161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05015be11641ee32022-01-05 10:01:34.065root 11241100x80000000000000006956162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.065{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a6ad6f22dd5b142022-01-05 10:01:34.065root 11241100x80000000000000006956163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8248e68c668cb5772022-01-05 10:01:34.066root 11241100x80000000000000006956164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a408c21988192d2022-01-05 10:01:34.066root 11241100x80000000000000006956165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce4e65806bb3ebc2022-01-05 10:01:34.066root 11241100x80000000000000006956166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9358c0b8b903cad2022-01-05 10:01:34.066root 11241100x80000000000000006956167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb588043d84692762022-01-05 10:01:34.066root 11241100x80000000000000006956168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d20848ff8b72022022-01-05 10:01:34.066root 11241100x80000000000000006956169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35aa64d212d747ca2022-01-05 10:01:34.066root 11241100x80000000000000006956170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.066{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1271df62691f11b42022-01-05 10:01:34.066root 11241100x80000000000000006956171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f18a34c1abe2bc2022-01-05 10:01:34.067root 11241100x80000000000000006956172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76aa7587dcaadc12022-01-05 10:01:34.067root 11241100x80000000000000006956173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d798d7cf8cd7242022-01-05 10:01:34.067root 11241100x80000000000000006956174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffac9067fbc0714e2022-01-05 10:01:34.067root 11241100x80000000000000006956175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c8f5cd75bddea92022-01-05 10:01:34.067root 11241100x80000000000000006956176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289bf6b364b9fa7a2022-01-05 10:01:34.067root 11241100x80000000000000006956177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.067{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c41a0242357f3b2022-01-05 10:01:34.067root 11241100x80000000000000006956178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.068{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8117b4bc536385d62022-01-05 10:01:34.068root 11241100x80000000000000006956179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.068{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce26300fe2e02c82022-01-05 10:01:34.068root 11241100x80000000000000006956180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.068{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92a148a76264c5e2022-01-05 10:01:34.068root 11241100x80000000000000006956181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.068{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a7b9fae078c39b2022-01-05 10:01:34.068root 11241100x80000000000000006956182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.068{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3499aad875d0d4112022-01-05 10:01:34.068root 11241100x80000000000000006956183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70fa4389d6ce3762022-01-05 10:01:34.069root 11241100x80000000000000006956184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e463f4cc714ac8b2022-01-05 10:01:34.069root 11241100x80000000000000006956185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a816ea89de2fff2022-01-05 10:01:34.069root 11241100x80000000000000006956186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e58093e34506ef2022-01-05 10:01:34.069root 11241100x80000000000000006956187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.069{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4462919d0f17d972022-01-05 10:01:34.069root 11241100x80000000000000006956188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.070{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acafe3036f4a69772022-01-05 10:01:34.070root 11241100x80000000000000006956189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.070{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fe782e29f5abf22022-01-05 10:01:34.070root 11241100x80000000000000006956190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbddeada6ac22bb2022-01-05 10:01:34.460root 11241100x80000000000000006956191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846b081c1f6d89c72022-01-05 10:01:34.460root 11241100x80000000000000006956192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20a93b11b399ad02022-01-05 10:01:34.460root 11241100x80000000000000006956193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8dd7a5f93cc8942022-01-05 10:01:34.461root 11241100x80000000000000006956194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325a536147a77f6b2022-01-05 10:01:34.461root 11241100x80000000000000006956195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2204ac05b273c792022-01-05 10:01:34.461root 11241100x80000000000000006956196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328ad4ccfc8fb2572022-01-05 10:01:34.461root 11241100x80000000000000006956197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932244518b611c572022-01-05 10:01:34.461root 11241100x80000000000000006956198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090ae7caae4842372022-01-05 10:01:34.461root 11241100x80000000000000006956199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c814f715d36bc6872022-01-05 10:01:34.461root 11241100x80000000000000006956200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe104884f1c95fc22022-01-05 10:01:34.461root 11241100x80000000000000006956201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9718f6cf6cd6de222022-01-05 10:01:34.461root 11241100x80000000000000006956202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d668e2ddde76fb2022-01-05 10:01:34.462root 11241100x80000000000000006956203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f431caddff8cbc2022-01-05 10:01:34.462root 11241100x80000000000000006956204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d5d534777a31012022-01-05 10:01:34.462root 11241100x80000000000000006956205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7330702ed884dde92022-01-05 10:01:34.462root 11241100x80000000000000006956206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18bc3e738fba0522022-01-05 10:01:34.462root 11241100x80000000000000006956207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94207298f23a63b2022-01-05 10:01:34.462root 11241100x80000000000000006956208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a0dc5d94b9d0e32022-01-05 10:01:34.462root 11241100x80000000000000006956209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b37abb88b3f2342022-01-05 10:01:34.462root 11241100x80000000000000006956210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069cb3ddac4376322022-01-05 10:01:34.462root 11241100x80000000000000006956211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea03e1f3c2d531c2022-01-05 10:01:34.462root 11241100x80000000000000006956212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac36b1393a4d12b2022-01-05 10:01:34.463root 11241100x80000000000000006956213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad8e756eeed5ce92022-01-05 10:01:34.463root 11241100x80000000000000006956214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff7bb6580ac6d6f2022-01-05 10:01:34.463root 11241100x80000000000000006956215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9304699ef02caa732022-01-05 10:01:34.463root 11241100x80000000000000006956216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d86a00b584cc35d2022-01-05 10:01:34.463root 11241100x80000000000000006956217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc413a5865135d022022-01-05 10:01:34.463root 11241100x80000000000000006956218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6af488d25c3cf22022-01-05 10:01:34.463root 11241100x80000000000000006956219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6a69166c8ccbb62022-01-05 10:01:34.463root 11241100x80000000000000006956220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1ce2f1c748fbe92022-01-05 10:01:34.463root 11241100x80000000000000006956221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b20acb11e2091342022-01-05 10:01:34.464root 11241100x80000000000000006956222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c7f9d97659f17a2022-01-05 10:01:34.960root 11241100x80000000000000006956223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6d4d5ebb1166632022-01-05 10:01:34.960root 11241100x80000000000000006956224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e1403c9b254bd22022-01-05 10:01:34.960root 11241100x80000000000000006956225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4a7d589b124a872022-01-05 10:01:34.960root 11241100x80000000000000006956226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9aef43bec9b0972022-01-05 10:01:34.961root 11241100x80000000000000006956227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01d539f382eb6f42022-01-05 10:01:34.961root 11241100x80000000000000006956228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41285faa0f3e7a852022-01-05 10:01:34.961root 11241100x80000000000000006956229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cff894f13c1a6a42022-01-05 10:01:34.961root 11241100x80000000000000006956230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78be82c705a780b42022-01-05 10:01:34.961root 11241100x80000000000000006956231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df180bf3052546452022-01-05 10:01:34.961root 11241100x80000000000000006956232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a5f4104dcd9df82022-01-05 10:01:34.961root 11241100x80000000000000006956233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dff78d2a84285642022-01-05 10:01:34.961root 11241100x80000000000000006956234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19506adb1850fa662022-01-05 10:01:34.961root 11241100x80000000000000006956235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e832cccb29e854f02022-01-05 10:01:34.961root 11241100x80000000000000006956236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1dda3988ba252392022-01-05 10:01:34.962root 11241100x80000000000000006956237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bc1c482a2d82712022-01-05 10:01:34.962root 11241100x80000000000000006956238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a0b883b60271022022-01-05 10:01:34.962root 11241100x80000000000000006956239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d29a1e9cdb8de12022-01-05 10:01:34.962root 11241100x80000000000000006956240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae22dfd529ec5eea2022-01-05 10:01:34.962root 11241100x80000000000000006956241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e08f6a6e03f0eb2022-01-05 10:01:34.962root 11241100x80000000000000006956242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a828fde1292488322022-01-05 10:01:34.962root 11241100x80000000000000006956243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0221482932a1e42022-01-05 10:01:34.962root 11241100x80000000000000006956244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15852f60659b62492022-01-05 10:01:34.962root 11241100x80000000000000006956245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf7ba5fc99c8e502022-01-05 10:01:34.962root 11241100x80000000000000006956246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2574b4ccce61dbf2022-01-05 10:01:34.963root 11241100x80000000000000006956247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252f9819be5833ba2022-01-05 10:01:34.963root 11241100x80000000000000006956248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52f8b5e80c9e0572022-01-05 10:01:34.963root 11241100x80000000000000006956249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63bb5ae0779e09512022-01-05 10:01:34.964root 11241100x80000000000000006956250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872a8343ec1bbb0c2022-01-05 10:01:34.964root 11241100x80000000000000006956251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e53b1df5f2a67c2022-01-05 10:01:34.964root 11241100x80000000000000006956252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dfda3d322a17a72022-01-05 10:01:34.964root 11241100x80000000000000006956253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:34.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51af2e7465526e532022-01-05 10:01:34.964root 11241100x80000000000000006956254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3b71426519a2c02022-01-05 10:01:35.460root 11241100x80000000000000006956255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b64f36c1676aef2022-01-05 10:01:35.460root 11241100x80000000000000006956256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c9a7e039d13a522022-01-05 10:01:35.460root 11241100x80000000000000006956257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00280b5aa808e8b2022-01-05 10:01:35.461root 11241100x80000000000000006956258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c08c8e208e89432022-01-05 10:01:35.461root 11241100x80000000000000006956259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4fc481687f08c62022-01-05 10:01:35.461root 11241100x80000000000000006956260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdcfcb58cdb02f32022-01-05 10:01:35.461root 11241100x80000000000000006956261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de886835612cf04e2022-01-05 10:01:35.461root 11241100x80000000000000006956262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c7b93d1fa1c8382022-01-05 10:01:35.461root 11241100x80000000000000006956263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5227a80240f83da02022-01-05 10:01:35.461root 11241100x80000000000000006956264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad4b58348ae9f562022-01-05 10:01:35.461root 11241100x80000000000000006956265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b33373ef8665ff2022-01-05 10:01:35.461root 11241100x80000000000000006956266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb3f83afe25def22022-01-05 10:01:35.461root 11241100x80000000000000006956267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233609e379c5b2032022-01-05 10:01:35.461root 11241100x80000000000000006956268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95d65ba8ac03d322022-01-05 10:01:35.462root 11241100x80000000000000006956269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3ca469781556de2022-01-05 10:01:35.462root 11241100x80000000000000006956270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d11a52436dd8fe2022-01-05 10:01:35.462root 11241100x80000000000000006956271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f722254aada4762022-01-05 10:01:35.462root 11241100x80000000000000006956272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad43b29e8a14e39b2022-01-05 10:01:35.462root 11241100x80000000000000006956273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89516c3582f7150c2022-01-05 10:01:35.462root 11241100x80000000000000006956274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd29586116919c2f2022-01-05 10:01:35.462root 11241100x80000000000000006956275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc7ace66489e29b2022-01-05 10:01:35.462root 11241100x80000000000000006956276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a040ec2db9eea6b2022-01-05 10:01:35.462root 11241100x80000000000000006956277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21b12d856383de52022-01-05 10:01:35.462root 11241100x80000000000000006956278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad21779efb2b9262022-01-05 10:01:35.462root 11241100x80000000000000006956279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5005b2e9223734f52022-01-05 10:01:35.462root 11241100x80000000000000006956280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df27e7139087a1e2022-01-05 10:01:35.462root 11241100x80000000000000006956281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a0ab72d001bc092022-01-05 10:01:35.462root 11241100x80000000000000006956282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4090bb2016e1fd2022-01-05 10:01:35.462root 11241100x80000000000000006956283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d32a0725fba6e302022-01-05 10:01:35.463root 11241100x80000000000000006956284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0324200b401c13632022-01-05 10:01:35.463root 11241100x80000000000000006956285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775cc43bc06167ab2022-01-05 10:01:35.463root 11241100x80000000000000006956286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e120739e47953e232022-01-05 10:01:35.960root 11241100x80000000000000006956287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a263e3bda8a5542022-01-05 10:01:35.960root 11241100x80000000000000006956288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbd20144c2b351c2022-01-05 10:01:35.961root 11241100x80000000000000006956289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6c5010502f7a152022-01-05 10:01:35.961root 11241100x80000000000000006956290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dff5bd0352104522022-01-05 10:01:35.961root 11241100x80000000000000006956291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0814976d9670d4882022-01-05 10:01:35.961root 11241100x80000000000000006956292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14a88887b9fe4ce2022-01-05 10:01:35.961root 11241100x80000000000000006956293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0104bf6827e15e922022-01-05 10:01:35.961root 11241100x80000000000000006956294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f477341b5a9ebdb72022-01-05 10:01:35.961root 11241100x80000000000000006956295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d8df3ffd6f20a52022-01-05 10:01:35.961root 11241100x80000000000000006956296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4174cca17b0d372022-01-05 10:01:35.961root 11241100x80000000000000006956297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a450b85478639cf2022-01-05 10:01:35.961root 11241100x80000000000000006956298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44921c2a1970e6202022-01-05 10:01:35.961root 11241100x80000000000000006956299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e5cd1dae1e3d422022-01-05 10:01:35.962root 11241100x80000000000000006956300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b44a5e548e1292b2022-01-05 10:01:35.962root 11241100x80000000000000006956301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1017350b6358e8312022-01-05 10:01:35.962root 11241100x80000000000000006956302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6199fa0a243881792022-01-05 10:01:35.962root 11241100x80000000000000006956303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b003db401a716192022-01-05 10:01:35.962root 11241100x80000000000000006956304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48db0f618d874aa92022-01-05 10:01:35.962root 11241100x80000000000000006956305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63666373ea2e83b82022-01-05 10:01:35.962root 11241100x80000000000000006956306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff8d0652f98ecb92022-01-05 10:01:35.962root 11241100x80000000000000006956307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d91f76512d22382022-01-05 10:01:35.962root 11241100x80000000000000006956308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81171ae83a1bd5992022-01-05 10:01:35.962root 11241100x80000000000000006956309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7113f9d8b47108002022-01-05 10:01:35.962root 11241100x80000000000000006956310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a100515b64653c0d2022-01-05 10:01:35.962root 11241100x80000000000000006956311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92df993a299f4cb12022-01-05 10:01:35.962root 11241100x80000000000000006956312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef18d1d3c2e13892022-01-05 10:01:35.962root 11241100x80000000000000006956313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec8b841e0666e722022-01-05 10:01:35.962root 11241100x80000000000000006956314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942e1978252c72bc2022-01-05 10:01:35.963root 11241100x80000000000000006956315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d834926ef9cc6c2022-01-05 10:01:35.963root 11241100x80000000000000006956316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9815ae17c4b90f7a2022-01-05 10:01:35.963root 11241100x80000000000000006956317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:35.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d49444ece7fdef2022-01-05 10:01:35.963root 11241100x80000000000000006956318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d3845f8107a2e12022-01-05 10:01:36.460root 11241100x80000000000000006956319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1472693615debbc2022-01-05 10:01:36.460root 11241100x80000000000000006956320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2eda56832dcdaa52022-01-05 10:01:36.460root 11241100x80000000000000006956321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e668fe954a58ab92022-01-05 10:01:36.460root 11241100x80000000000000006956322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f00175406566d1e2022-01-05 10:01:36.461root 11241100x80000000000000006956323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bd9913c2d4c8f82022-01-05 10:01:36.461root 11241100x80000000000000006956324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131113c91bc59f622022-01-05 10:01:36.461root 11241100x80000000000000006956325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef37fdf252e4f9782022-01-05 10:01:36.461root 11241100x80000000000000006956326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259f330b94db54ca2022-01-05 10:01:36.461root 11241100x80000000000000006956327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a703277de672ec2022-01-05 10:01:36.461root 11241100x80000000000000006956328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc3a3c97e8c49d22022-01-05 10:01:36.461root 11241100x80000000000000006956329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ebab4e91eedadf2022-01-05 10:01:36.461root 11241100x80000000000000006956330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802c0fefab25dc752022-01-05 10:01:36.461root 11241100x80000000000000006956331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e5bf6f3b6cac9f2022-01-05 10:01:36.462root 11241100x80000000000000006956332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c162ec2833dd9c62022-01-05 10:01:36.462root 11241100x80000000000000006956333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90ea37aea081cf5c2022-01-05 10:01:36.462root 11241100x80000000000000006956334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbeac23dacee05a02022-01-05 10:01:36.462root 11241100x80000000000000006956335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80379fc34c5b7fe92022-01-05 10:01:36.462root 11241100x80000000000000006956336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6c698ae08b82c12022-01-05 10:01:36.462root 11241100x80000000000000006956337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3f3c8ea7f2912e2022-01-05 10:01:36.462root 11241100x80000000000000006956338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8f90bbd0afc6362022-01-05 10:01:36.462root 11241100x80000000000000006956339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c79efdca600aef62022-01-05 10:01:36.462root 11241100x80000000000000006956340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0542b4d9ef08f13a2022-01-05 10:01:36.462root 11241100x80000000000000006956341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.475913f2eb93af3d2022-01-05 10:01:36.463root 11241100x80000000000000006956342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f7d15477ca31d52022-01-05 10:01:36.463root 11241100x80000000000000006956343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55321896fe4285ce2022-01-05 10:01:36.463root 11241100x80000000000000006956344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb442e1567e903e32022-01-05 10:01:36.463root 11241100x80000000000000006956345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fe07c08a97cdc22022-01-05 10:01:36.463root 11241100x80000000000000006956346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86fd062dcf3e3d32022-01-05 10:01:36.463root 11241100x80000000000000006956347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37e25b0f79e8c502022-01-05 10:01:36.463root 11241100x80000000000000006956348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c26a8edc400f162022-01-05 10:01:36.463root 11241100x80000000000000006956349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb90036f9f45b8d2022-01-05 10:01:36.463root 11241100x80000000000000006956350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897e56f56a876af42022-01-05 10:01:36.960root 11241100x80000000000000006956351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3ebaa2cd3c59442022-01-05 10:01:36.960root 11241100x80000000000000006956352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083adb8e22601f0e2022-01-05 10:01:36.960root 11241100x80000000000000006956353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e654830992783b922022-01-05 10:01:36.960root 11241100x80000000000000006956354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac3ceaf1c512fd22022-01-05 10:01:36.960root 11241100x80000000000000006956355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601161f3c04ba6092022-01-05 10:01:36.961root 11241100x80000000000000006956356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264e1f92a71a64392022-01-05 10:01:36.961root 11241100x80000000000000006956357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71b5f64a71d1bc52022-01-05 10:01:36.961root 11241100x80000000000000006956358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b7a8d82c5b36b02022-01-05 10:01:36.961root 11241100x80000000000000006956359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c9d6584e8397502022-01-05 10:01:36.961root 11241100x80000000000000006956360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e1ab9d12e01c7f2022-01-05 10:01:36.961root 11241100x80000000000000006956361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a63ce7a07d904072022-01-05 10:01:36.961root 11241100x80000000000000006956362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fc0fbc9300816a2022-01-05 10:01:36.961root 11241100x80000000000000006956363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619cdc43b310cd172022-01-05 10:01:36.961root 11241100x80000000000000006956364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60884fdb8a1a41a32022-01-05 10:01:36.961root 11241100x80000000000000006956365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087d16367aa606602022-01-05 10:01:36.962root 11241100x80000000000000006956366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5568dea4ec9460592022-01-05 10:01:36.962root 11241100x80000000000000006956367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d8adf9e57a07702022-01-05 10:01:36.962root 11241100x80000000000000006956368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70ef59fdadafbc52022-01-05 10:01:36.962root 11241100x80000000000000006956369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7d11571cb2ab892022-01-05 10:01:36.962root 11241100x80000000000000006956370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bf0b4de6b9ec0c2022-01-05 10:01:36.962root 11241100x80000000000000006956371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8fe843956e3e872022-01-05 10:01:36.962root 11241100x80000000000000006956372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b22908af38e8f7f2022-01-05 10:01:36.962root 11241100x80000000000000006956373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753b28150abbc04e2022-01-05 10:01:36.962root 11241100x80000000000000006956374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed25dff6928f2712022-01-05 10:01:36.963root 11241100x80000000000000006956375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8e738c0723142a2022-01-05 10:01:36.963root 11241100x80000000000000006956376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd8ca284312d2a72022-01-05 10:01:36.963root 11241100x80000000000000006956377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c9c5e71752b25c2022-01-05 10:01:36.963root 11241100x80000000000000006956378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d6e6c9a021e2092022-01-05 10:01:36.963root 11241100x80000000000000006956379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d36cfd5b325d8e32022-01-05 10:01:36.963root 11241100x80000000000000006956380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3eb36a685cf5ce2022-01-05 10:01:36.963root 11241100x80000000000000006956381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:36.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f6129aa979ba712022-01-05 10:01:36.963root 11241100x80000000000000006956382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.769171c1dd1d83762022-01-05 10:01:37.460root 11241100x80000000000000006956383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4095f56c782099f92022-01-05 10:01:37.460root 11241100x80000000000000006956384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c84fc6c5f8ea4c2022-01-05 10:01:37.460root 11241100x80000000000000006956385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f988cb6ee345532022-01-05 10:01:37.461root 11241100x80000000000000006956386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd66f83a22d3df052022-01-05 10:01:37.461root 11241100x80000000000000006956387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065963f0e645b4b02022-01-05 10:01:37.461root 11241100x80000000000000006956388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efd3627c31fac0f2022-01-05 10:01:37.461root 11241100x80000000000000006956389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac077a80dead326f2022-01-05 10:01:37.461root 11241100x80000000000000006956390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a21ac33c6c22c292022-01-05 10:01:37.461root 11241100x80000000000000006956391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2655a307d6ed7922022-01-05 10:01:37.461root 11241100x80000000000000006956392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d34bd07fee2aa62022-01-05 10:01:37.461root 11241100x80000000000000006956393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9328e98db8cc84232022-01-05 10:01:37.461root 11241100x80000000000000006956394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c070fbe18e83e2712022-01-05 10:01:37.462root 11241100x80000000000000006956395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b7a82853870b452022-01-05 10:01:37.462root 11241100x80000000000000006956396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc34b3ccf047fe422022-01-05 10:01:37.462root 11241100x80000000000000006956397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61a8d0f9532fec82022-01-05 10:01:37.462root 11241100x80000000000000006956398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b274290843e2c72022-01-05 10:01:37.462root 11241100x80000000000000006956399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779e9ff176ae59b42022-01-05 10:01:37.462root 11241100x80000000000000006956400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11c0faff171d9402022-01-05 10:01:37.462root 11241100x80000000000000006956401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88e09f494febda62022-01-05 10:01:37.462root 11241100x80000000000000006956402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717bd6a66248c35d2022-01-05 10:01:37.462root 11241100x80000000000000006956403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71351602ad5cefd42022-01-05 10:01:37.462root 11241100x80000000000000006956404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69dcc1eeed45ae82022-01-05 10:01:37.463root 11241100x80000000000000006956405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32505940436f4b142022-01-05 10:01:37.463root 11241100x80000000000000006956406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504280778839db8f2022-01-05 10:01:37.463root 11241100x80000000000000006956407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0c44f411be35d32022-01-05 10:01:37.463root 11241100x80000000000000006956408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e0593f3120ea6d2022-01-05 10:01:37.463root 11241100x80000000000000006956409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a5f66d67440dc72022-01-05 10:01:37.463root 11241100x80000000000000006956410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9557f797079c601d2022-01-05 10:01:37.463root 11241100x80000000000000006956411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2c2aed1a8700922022-01-05 10:01:37.463root 11241100x80000000000000006956412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76d5ceaf0b64d152022-01-05 10:01:37.463root 11241100x80000000000000006956413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1eda93170cbfea2022-01-05 10:01:37.463root 11241100x80000000000000006956414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e4b9ff9d0953432022-01-05 10:01:37.960root 11241100x80000000000000006956415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3242049750b586762022-01-05 10:01:37.960root 11241100x80000000000000006956416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dc6d8867b6a6a92022-01-05 10:01:37.960root 11241100x80000000000000006956417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc7572bc761a5f22022-01-05 10:01:37.961root 11241100x80000000000000006956418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875e8c885502cf012022-01-05 10:01:37.961root 11241100x80000000000000006956419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e652ec533176f122022-01-05 10:01:37.961root 11241100x80000000000000006956420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce94a21ee8acb5db2022-01-05 10:01:37.961root 11241100x80000000000000006956421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97cbfe6bcb17e622022-01-05 10:01:37.961root 11241100x80000000000000006956422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f80e43b95ba35a2022-01-05 10:01:37.961root 11241100x80000000000000006956423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b0ac698b6e9fea2022-01-05 10:01:37.961root 11241100x80000000000000006956424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479db16db08d4f462022-01-05 10:01:37.961root 11241100x80000000000000006956425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45771375f0d1abfc2022-01-05 10:01:37.962root 11241100x80000000000000006956426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ee2e2bc63e0eac2022-01-05 10:01:37.962root 11241100x80000000000000006956427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb77094f11ef2962022-01-05 10:01:37.962root 11241100x80000000000000006956428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e2b87260979cbc2022-01-05 10:01:37.962root 11241100x80000000000000006956429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3df7049592f18b2022-01-05 10:01:37.962root 11241100x80000000000000006956430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85678fbfe12bb9c2022-01-05 10:01:37.962root 11241100x80000000000000006956431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779eca7f92460c5f2022-01-05 10:01:37.962root 11241100x80000000000000006956432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae46ff39662232d32022-01-05 10:01:37.962root 11241100x80000000000000006956433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c945b251d3c9b8892022-01-05 10:01:37.962root 11241100x80000000000000006956434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d35fd76f289d912022-01-05 10:01:37.962root 11241100x80000000000000006956435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4d2afe28a515552022-01-05 10:01:37.963root 11241100x80000000000000006956436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3a6e524021a7bf2022-01-05 10:01:37.963root 11241100x80000000000000006956437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b8b34ef23633792022-01-05 10:01:37.963root 11241100x80000000000000006956438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cffe2e21ecda59a2022-01-05 10:01:37.963root 11241100x80000000000000006956439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2eef451d220fbda2022-01-05 10:01:37.963root 11241100x80000000000000006956440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556375f7b4b062a12022-01-05 10:01:37.963root 11241100x80000000000000006956441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67032caa29a66d12022-01-05 10:01:37.963root 11241100x80000000000000006956442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19bc68cb413208452022-01-05 10:01:37.963root 11241100x80000000000000006956443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c92ec74ef82a162022-01-05 10:01:37.963root 11241100x80000000000000006956444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e635f95b29185bf2022-01-05 10:01:37.963root 11241100x80000000000000006956445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:37.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378217dbdbbef4f62022-01-05 10:01:37.964root 11241100x80000000000000006956446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8c9fb69cb86e9e2022-01-05 10:01:38.460root 11241100x80000000000000006956447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2062760e3d522e922022-01-05 10:01:38.460root 11241100x80000000000000006956448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f933d9d402525b02022-01-05 10:01:38.460root 11241100x80000000000000006956449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c1cb91dbd9b8052022-01-05 10:01:38.460root 11241100x80000000000000006956450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612c2cf4d3eed3852022-01-05 10:01:38.461root 11241100x80000000000000006956451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4475dcd43548c52022-01-05 10:01:38.461root 11241100x80000000000000006956452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c859e78d0b9de1b2022-01-05 10:01:38.461root 11241100x80000000000000006956453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a12c2a053f44ea72022-01-05 10:01:38.461root 11241100x80000000000000006956454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f211a68bdf4aa6f42022-01-05 10:01:38.461root 11241100x80000000000000006956455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48bfd6cec51b1542022-01-05 10:01:38.461root 11241100x80000000000000006956456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa7f285ad685da12022-01-05 10:01:38.461root 11241100x80000000000000006956457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7d11f4fba4b9632022-01-05 10:01:38.461root 11241100x80000000000000006956458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6feb09e7afe3312022-01-05 10:01:38.462root 11241100x80000000000000006956459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e8b51c2ceead542022-01-05 10:01:38.462root 11241100x80000000000000006956460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c44c7dd6a0f2212022-01-05 10:01:38.462root 11241100x80000000000000006956461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89da251cefcb1b952022-01-05 10:01:38.462root 11241100x80000000000000006956462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5e2e4d892215c12022-01-05 10:01:38.462root 11241100x80000000000000006956463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a3e9ba5291e1b52022-01-05 10:01:38.462root 11241100x80000000000000006956464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce7dc268e55ff2e2022-01-05 10:01:38.462root 11241100x80000000000000006956465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01017fb10abced1e2022-01-05 10:01:38.462root 11241100x80000000000000006956466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227dbe4c1fc5ad4f2022-01-05 10:01:38.462root 11241100x80000000000000006956467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d50a81e6fd6f722022-01-05 10:01:38.462root 11241100x80000000000000006956468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ebbefb7a523e592022-01-05 10:01:38.462root 11241100x80000000000000006956469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60189e5311dc303a2022-01-05 10:01:38.462root 11241100x80000000000000006956470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cd3c1a921ae05a2022-01-05 10:01:38.462root 11241100x80000000000000006956471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fa99eecc030d012022-01-05 10:01:38.462root 11241100x80000000000000006956472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7604de533ae34cac2022-01-05 10:01:38.462root 11241100x80000000000000006956473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59026488d93ab642022-01-05 10:01:38.463root 11241100x80000000000000006956474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f2c87c5fa46ba72022-01-05 10:01:38.463root 11241100x80000000000000006956475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9356b46f27feff242022-01-05 10:01:38.463root 11241100x80000000000000006956476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6eda86042e666b2022-01-05 10:01:38.463root 11241100x80000000000000006956477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6798de42808d1bf72022-01-05 10:01:38.463root 11241100x80000000000000006956478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965793e84df834b72022-01-05 10:01:38.960root 11241100x80000000000000006956479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29157cc65b694b382022-01-05 10:01:38.960root 11241100x80000000000000006956480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81658cea5444b5012022-01-05 10:01:38.961root 11241100x80000000000000006956481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232725835cf77f532022-01-05 10:01:38.961root 11241100x80000000000000006956482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f64a2240359c092022-01-05 10:01:38.961root 11241100x80000000000000006956483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11006e2e6ea12c92022-01-05 10:01:38.961root 11241100x80000000000000006956484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e19a5d0ae9e37482022-01-05 10:01:38.961root 11241100x80000000000000006956485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c80a230c0a85172022-01-05 10:01:38.961root 11241100x80000000000000006956486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b369ebfa01456b032022-01-05 10:01:38.962root 11241100x80000000000000006956487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2d59919c129d712022-01-05 10:01:38.962root 11241100x80000000000000006956488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40de10a5db50180b2022-01-05 10:01:38.962root 11241100x80000000000000006956489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a3e427e7350e122022-01-05 10:01:38.962root 11241100x80000000000000006956490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8193a31560fda6a2022-01-05 10:01:38.962root 11241100x80000000000000006956491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b313c322c401b6a2022-01-05 10:01:38.962root 11241100x80000000000000006956492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f6a0b7107fa9512022-01-05 10:01:38.962root 11241100x80000000000000006956493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dece4b7776bbd06d2022-01-05 10:01:38.962root 11241100x80000000000000006956494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e9dda7c00415d82022-01-05 10:01:38.962root 11241100x80000000000000006956495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda00939bb0593812022-01-05 10:01:38.963root 11241100x80000000000000006956496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3767fda02e5699e02022-01-05 10:01:38.963root 11241100x80000000000000006956497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605f29cccfb51a262022-01-05 10:01:38.963root 11241100x80000000000000006956498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6352e7195712812022-01-05 10:01:38.963root 11241100x80000000000000006956499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4ecb71fd5013c62022-01-05 10:01:38.963root 11241100x80000000000000006956500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5eb31b5f961e932022-01-05 10:01:38.963root 11241100x80000000000000006956501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9579f932f7070b92022-01-05 10:01:38.963root 11241100x80000000000000006956502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215ccacccc8a593f2022-01-05 10:01:38.963root 11241100x80000000000000006956503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ea19afbe9870912022-01-05 10:01:38.963root 11241100x80000000000000006956504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de11bddfae9494d32022-01-05 10:01:38.964root 11241100x80000000000000006956505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0190ca0fbb79ac2022-01-05 10:01:38.964root 11241100x80000000000000006956506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e399c16993acb882022-01-05 10:01:38.965root 11241100x80000000000000006956507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7adeb1030cf9e22022-01-05 10:01:38.965root 11241100x80000000000000006956508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e086ee06b48f40d2022-01-05 10:01:38.965root 11241100x80000000000000006956509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:38.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fb087b111f67162022-01-05 10:01:38.965root 354300x80000000000000006956510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.157{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41690-false10.0.1.12-8000- 354300x80000000000000006956511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.292{ec2e79f3-af4c-61d2-e0a7-320694550000}1083/usr/sbin/sshdroottcpfalsefalse47.253.45.0-46318-false10.0.1.25-22- 11241100x80000000000000006956512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.293{ec2e79f3-6c83-61d5-0000-000000000000}23002/usr/sbin/sshd/proc/23002/oom_score_adj2022-01-05 10:01:39.293root 154100x80000000000000006956513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.293{ec2e79f3-6c83-61d5-e077-b38aaa550000}23002/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1083--- 11241100x80000000000000006956514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.294{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b1e9141fd191a42022-01-05 10:01:39.294root 11241100x80000000000000006956515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.294{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ba5a9439e8bad72022-01-05 10:01:39.294root 11241100x80000000000000006956516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.294{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4af08cc792f5df02022-01-05 10:01:39.294root 11241100x80000000000000006956517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.294{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900b15de0ca33b222022-01-05 10:01:39.294root 11241100x80000000000000006956518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.294{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391df5169c69bc382022-01-05 10:01:39.294root 11241100x80000000000000006956519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.294{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bdc31e3758fe1502022-01-05 10:01:39.294root 11241100x80000000000000006956520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.294{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e731111183adc52022-01-05 10:01:39.294root 11241100x80000000000000006956521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.294{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f86cdf95867e492022-01-05 10:01:39.294root 11241100x80000000000000006956522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.295{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2fef3afa1398f72022-01-05 10:01:39.295root 11241100x80000000000000006956523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.295{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97311d8659f670af2022-01-05 10:01:39.295root 11241100x80000000000000006956524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.295{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477cb2470486b1442022-01-05 10:01:39.295root 11241100x80000000000000006956525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.295{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de1f825c1f0a19f2022-01-05 10:01:39.295root 11241100x80000000000000006956526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.295{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff87b674f84b72c2022-01-05 10:01:39.295root 11241100x80000000000000006956527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.295{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb57f3e2ac199f12022-01-05 10:01:39.295root 11241100x80000000000000006956528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.295{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091298a7659fcb5f2022-01-05 10:01:39.295root 11241100x80000000000000006956529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.295{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb3f5c1fb7bdad22022-01-05 10:01:39.295root 11241100x80000000000000006956530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.295{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb327337ab70a0a2022-01-05 10:01:39.295root 11241100x80000000000000006956531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb97229d891d875e2022-01-05 10:01:39.296root 11241100x80000000000000006956532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff0257823346d1a2022-01-05 10:01:39.296root 11241100x80000000000000006956533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00a73b25bf115112022-01-05 10:01:39.296root 11241100x80000000000000006956534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5a10e14bfcf29e2022-01-05 10:01:39.296root 11241100x80000000000000006956535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523475800f7a59852022-01-05 10:01:39.296root 11241100x80000000000000006956536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d12f58bbea292d2022-01-05 10:01:39.296root 11241100x80000000000000006956537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5845507a9763aa982022-01-05 10:01:39.296root 11241100x80000000000000006956538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67132f3506daaafe2022-01-05 10:01:39.296root 11241100x80000000000000006956539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac867d46647813082022-01-05 10:01:39.296root 11241100x80000000000000006956540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fd57324d78208a2022-01-05 10:01:39.296root 11241100x80000000000000006956541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.296{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b233eb24efbe11b42022-01-05 10:01:39.296root 11241100x80000000000000006956542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.297{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4781488fb3ed262022-01-05 10:01:39.297root 11241100x80000000000000006956543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.297{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0cc6676d7f761d2022-01-05 10:01:39.297root 11241100x80000000000000006956544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.298{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea474331c5a69152022-01-05 10:01:39.298root 11241100x80000000000000006956545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.298{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185c34c131464a552022-01-05 10:01:39.298root 11241100x80000000000000006956546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.305{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feadd9acd4da43b92022-01-05 10:01:39.305root 11241100x80000000000000006956547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.305{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1239ba12570246632022-01-05 10:01:39.305root 11241100x80000000000000006956548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.305{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c53bb904364c27e2022-01-05 10:01:39.305root 11241100x80000000000000006956549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.305{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95730e85af5711122022-01-05 10:01:39.305root 11241100x80000000000000006956550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.305{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b5436a910a3e2c2022-01-05 10:01:39.305root 11241100x80000000000000006956551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.305{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecee29b9a2c396202022-01-05 10:01:39.305root 11241100x80000000000000006956552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.305{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1fcef35c4658482022-01-05 10:01:39.305root 11241100x80000000000000006956553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.306{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d691e96890414a2022-01-05 10:01:39.306root 11241100x80000000000000006956554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.306{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bb3948eb67e6a22022-01-05 10:01:39.306root 11241100x80000000000000006956555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.306{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2afc0d865e479422022-01-05 10:01:39.306root 11241100x80000000000000006956556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.306{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be690914450af7e2022-01-05 10:01:39.306root 11241100x80000000000000006956557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.306{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c1c554048d99ec2022-01-05 10:01:39.306root 11241100x80000000000000006956558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.306{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afbc845bedf339d2022-01-05 10:01:39.306root 11241100x80000000000000006956559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.306{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d6d89041a9ec502022-01-05 10:01:39.306root 11241100x80000000000000006956560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.306{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbb2d6ffe9873112022-01-05 10:01:39.306root 11241100x80000000000000006956561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.306{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cce0f5c236beb32022-01-05 10:01:39.306root 11241100x80000000000000006956562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.307{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbee594e274cf8d2022-01-05 10:01:39.307root 11241100x80000000000000006956563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.307{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7f116e697647c12022-01-05 10:01:39.307root 11241100x80000000000000006956564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.307{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340b828caff68ea42022-01-05 10:01:39.307root 11241100x80000000000000006956565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.307{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce4a046d0565afc2022-01-05 10:01:39.307root 11241100x80000000000000006956566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.307{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7b8c5767d7ce9372022-01-05 10:01:39.307root 11241100x80000000000000006956567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.307{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b88280fa8e345f2022-01-05 10:01:39.307root 11241100x80000000000000006956568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.307{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6fee3efe8c6f1d2022-01-05 10:01:39.307root 11241100x80000000000000006956569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.308{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03480c5656801f4d2022-01-05 10:01:39.308root 11241100x80000000000000006956570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.308{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637489efa16307eb2022-01-05 10:01:39.308root 11241100x80000000000000006956571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.308{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121bbf5533b98ae52022-01-05 10:01:39.308root 11241100x80000000000000006956572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.308{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0f856a3d17711b2022-01-05 10:01:39.308root 11241100x80000000000000006956573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.308{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffebdf17a48617a72022-01-05 10:01:39.308root 11241100x80000000000000006956574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.308{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb3dc2955677d362022-01-05 10:01:39.308root 11241100x80000000000000006956575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.308{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d655657ee108942022-01-05 10:01:39.308root 11241100x80000000000000006956576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.309{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0c4a46745646932022-01-05 10:01:39.309root 11241100x80000000000000006956577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.310{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dea72e82287646b2022-01-05 10:01:39.310root 11241100x80000000000000006956578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.310{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f524861ae76269f2022-01-05 10:01:39.310root 11241100x80000000000000006956579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.310{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8caf8484412b54172022-01-05 10:01:39.310root 11241100x80000000000000006956580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.310{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926d5476d1a0ee0c2022-01-05 10:01:39.310root 11241100x80000000000000006956581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.310{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e1c1527df0b0ce2022-01-05 10:01:39.310root 11241100x80000000000000006956582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.310{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91961e14d26e0b742022-01-05 10:01:39.310root 11241100x80000000000000006956583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.310{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9961cfd4325a14372022-01-05 10:01:39.310root 11241100x80000000000000006956584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.310{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4f0272598f178f2022-01-05 10:01:39.310root 11241100x80000000000000006956585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.311{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b659fb331c73c12022-01-05 10:01:39.311root 11241100x80000000000000006956586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.311{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3150f311285d6a2022-01-05 10:01:39.311root 11241100x80000000000000006956587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.311{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f450e3508ab91072022-01-05 10:01:39.311root 11241100x80000000000000006956588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.311{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfb9e23688f9e462022-01-05 10:01:39.311root 11241100x80000000000000006956589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.311{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2789e5aa07c1ce6f2022-01-05 10:01:39.311root 11241100x80000000000000006956590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.311{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947eb846770958252022-01-05 10:01:39.311root 11241100x80000000000000006956591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.311{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c68e886d09e3c822022-01-05 10:01:39.311root 11241100x80000000000000006956592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.312{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3e6fed541a4c1d2022-01-05 10:01:39.312root 11241100x80000000000000006956593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.312{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eebf85c2892ed622022-01-05 10:01:39.312root 11241100x80000000000000006956594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.312{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f29ee1a24f62782022-01-05 10:01:39.312root 11241100x80000000000000006956595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.312{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c9ce81147e44812022-01-05 10:01:39.312root 534500x80000000000000006956596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.405{ec2e79f3-6c83-61d5-e077-b38aaa550000}23002/usr/sbin/sshdroot 11241100x80000000000000006956597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab19e1cd61f08652022-01-05 10:01:39.710root 11241100x80000000000000006956598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985fd2c1be41f3e82022-01-05 10:01:39.710root 11241100x80000000000000006956599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057b9a7287dff25c2022-01-05 10:01:39.710root 11241100x80000000000000006956600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76b776237de62222022-01-05 10:01:39.710root 11241100x80000000000000006956601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7756a1635c0f3fb2022-01-05 10:01:39.710root 11241100x80000000000000006956602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8691c07cd573a64e2022-01-05 10:01:39.710root 11241100x80000000000000006956603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b751bba50e8f5d72022-01-05 10:01:39.712root 11241100x80000000000000006956604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15d79cd22f4dbc32022-01-05 10:01:39.712root 11241100x80000000000000006956605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95f7f75567d7c0c2022-01-05 10:01:39.712root 11241100x80000000000000006956606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0668435adf196e3c2022-01-05 10:01:39.712root 11241100x80000000000000006956607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7518bd5b02e8ec2022-01-05 10:01:39.712root 11241100x80000000000000006956608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e9d05b8e1e8f022022-01-05 10:01:39.712root 11241100x80000000000000006956609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad47d9f4ae8e8c32022-01-05 10:01:39.713root 11241100x80000000000000006956610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf87ccf72e8c15cc2022-01-05 10:01:39.713root 11241100x80000000000000006956611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdaba5b7493f3e6b2022-01-05 10:01:39.713root 11241100x80000000000000006956612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7dd3a2e89a83a82022-01-05 10:01:39.713root 11241100x80000000000000006956613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166ed55abc7ae4d82022-01-05 10:01:39.713root 11241100x80000000000000006956614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07456b625c19f8df2022-01-05 10:01:39.713root 11241100x80000000000000006956615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d118755091062d0e2022-01-05 10:01:39.713root 11241100x80000000000000006956616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbb177ec8dea1a52022-01-05 10:01:39.713root 11241100x80000000000000006956617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62700929ef2a13372022-01-05 10:01:39.714root 11241100x80000000000000006956618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7306d71983b771a32022-01-05 10:01:39.714root 11241100x80000000000000006956619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7389fcf9d597cac92022-01-05 10:01:39.714root 11241100x80000000000000006956620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268431160c6b1f522022-01-05 10:01:39.714root 11241100x80000000000000006956621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe33fc49a7fb3082022-01-05 10:01:39.714root 11241100x80000000000000006956622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7314503f84ac2d622022-01-05 10:01:39.714root 11241100x80000000000000006956623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3636fade79a76aec2022-01-05 10:01:39.714root 11241100x80000000000000006956624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff89e3d766edbf12022-01-05 10:01:39.715root 11241100x80000000000000006956625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a1bb80db5d50d62022-01-05 10:01:39.715root 11241100x80000000000000006956626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b85cdc7813e98672022-01-05 10:01:39.715root 11241100x80000000000000006956627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40972bb15786a0122022-01-05 10:01:39.715root 11241100x80000000000000006956628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc47c69716f5853b2022-01-05 10:01:39.715root 11241100x80000000000000006956629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61354ab6c2f1b7f02022-01-05 10:01:39.715root 11241100x80000000000000006956630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4a11b27dc5f99a2022-01-05 10:01:39.715root 11241100x80000000000000006956631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acf2af4c692c5092022-01-05 10:01:39.715root 11241100x80000000000000006956632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7660d56fe8557c412022-01-05 10:01:39.715root 11241100x80000000000000006956633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db58bf4628257092022-01-05 10:01:39.715root 11241100x80000000000000006956634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbd5ddb6b58d12c2022-01-05 10:01:39.715root 11241100x80000000000000006956635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7608b9984799717c2022-01-05 10:01:39.715root 11241100x80000000000000006956636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a84f320eb3193b2022-01-05 10:01:39.716root 11241100x80000000000000006956637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ccfbe9cb25983c2022-01-05 10:01:39.716root 11241100x80000000000000006956638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fad056a692405b2022-01-05 10:01:39.716root 11241100x80000000000000006956639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66aa39f6428b32dc2022-01-05 10:01:39.716root 11241100x80000000000000006956640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715ba31f6f8cb7bb2022-01-05 10:01:39.716root 11241100x80000000000000006956641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbcdb5998bb5fe32022-01-05 10:01:39.717root 11241100x80000000000000006956642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de075351a79ca2342022-01-05 10:01:39.717root 11241100x80000000000000006956643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c5ec87d6e9d3712022-01-05 10:01:39.717root 11241100x80000000000000006956644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921510e4b1e4b60a2022-01-05 10:01:39.717root 11241100x80000000000000006956645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336ec5dedb67e1442022-01-05 10:01:39.717root 11241100x80000000000000006956646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c17d0604764fcd62022-01-05 10:01:39.717root 11241100x80000000000000006956647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7906fa4e09eaa4c62022-01-05 10:01:39.717root 11241100x80000000000000006956648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3fff37ba5bbdaf2022-01-05 10:01:39.717root 11241100x80000000000000006956649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac9f17945a148482022-01-05 10:01:39.717root 11241100x80000000000000006956650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f237e371d8485172022-01-05 10:01:39.717root 11241100x80000000000000006956651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4323b4c8535ed102022-01-05 10:01:39.717root 11241100x80000000000000006956652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4906e7db72eb83fb2022-01-05 10:01:39.717root 11241100x80000000000000006956653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25c4b08728e3d842022-01-05 10:01:39.718root 11241100x80000000000000006956654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839dafee496da50e2022-01-05 10:01:39.718root 11241100x80000000000000006956655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f36d3cf1c02b492022-01-05 10:01:39.718root 11241100x80000000000000006956656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fced51d7a80e48642022-01-05 10:01:39.718root 11241100x80000000000000006956657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:39.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f51babfbec7b8d2022-01-05 10:01:39.718root 11241100x80000000000000006956658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c524f67e2341fa2022-01-05 10:01:40.209root 11241100x80000000000000006956659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede2d0e19bd166e32022-01-05 10:01:40.209root 11241100x80000000000000006956660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3126622348c789912022-01-05 10:01:40.209root 11241100x80000000000000006956661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a790d9047b2b93042022-01-05 10:01:40.209root 11241100x80000000000000006956662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4018b335e0ec3632022-01-05 10:01:40.209root 11241100x80000000000000006956663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfbbbfef44183a52022-01-05 10:01:40.210root 11241100x80000000000000006956664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c785aa7bb0ff7b2022-01-05 10:01:40.210root 11241100x80000000000000006956665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a892942fdd168bb2022-01-05 10:01:40.210root 11241100x80000000000000006956666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0554e12784904a002022-01-05 10:01:40.210root 11241100x80000000000000006956667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afcd6203ff145632022-01-05 10:01:40.210root 11241100x80000000000000006956668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58da1911fdde40c82022-01-05 10:01:40.211root 11241100x80000000000000006956669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49f764b6bca18ee2022-01-05 10:01:40.211root 11241100x80000000000000006956670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7e02cc6bdbb6742022-01-05 10:01:40.211root 11241100x80000000000000006956671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a72c7099d0566b22022-01-05 10:01:40.211root 11241100x80000000000000006956672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93971f905cee49ab2022-01-05 10:01:40.212root 11241100x80000000000000006956673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212d03b39bac2e6f2022-01-05 10:01:40.218root 11241100x80000000000000006956674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6878231f155203212022-01-05 10:01:40.218root 11241100x80000000000000006956675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8722248579b811832022-01-05 10:01:40.219root 11241100x80000000000000006956676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed996d7ecbd0f062022-01-05 10:01:40.219root 11241100x80000000000000006956677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec83123dbbe0ebd62022-01-05 10:01:40.219root 11241100x80000000000000006956678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214df73dfc3dd2412022-01-05 10:01:40.219root 11241100x80000000000000006956679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3788982871b3c3282022-01-05 10:01:40.219root 11241100x80000000000000006956680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee0fa8f7f51e6862022-01-05 10:01:40.219root 11241100x80000000000000006956681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e556b96a1e9bfac2022-01-05 10:01:40.219root 11241100x80000000000000006956682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762d737e41b870e42022-01-05 10:01:40.219root 11241100x80000000000000006956683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84039207cfc191702022-01-05 10:01:40.219root 11241100x80000000000000006956684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25957b44236b6c282022-01-05 10:01:40.219root 11241100x80000000000000006956685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4d6132c09c3c992022-01-05 10:01:40.220root 11241100x80000000000000006956686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d90ed801b2f21ad2022-01-05 10:01:40.220root 11241100x80000000000000006956687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01aebdd9497ce132022-01-05 10:01:40.220root 11241100x80000000000000006956688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebe6ac96532ef0c2022-01-05 10:01:40.220root 11241100x80000000000000006956689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ede4751679b5c52022-01-05 10:01:40.220root 11241100x80000000000000006956690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2914f2660ec8b72022-01-05 10:01:40.220root 11241100x80000000000000006956691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465d79606eccc7b72022-01-05 10:01:40.220root 11241100x80000000000000006956692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8309b275fc04b802022-01-05 10:01:40.220root 11241100x80000000000000006956693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390aad93f7f145d02022-01-05 10:01:40.220root 11241100x80000000000000006956694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45aaa63b0785ad82022-01-05 10:01:40.220root 11241100x80000000000000006956695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2170b6f5769a4c802022-01-05 10:01:40.220root 11241100x80000000000000006956696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc257c05bcc2f2c82022-01-05 10:01:40.220root 11241100x80000000000000006956697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e837aefeb94fe312022-01-05 10:01:40.220root 11241100x80000000000000006956698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc0e5664d03596b2022-01-05 10:01:40.220root 11241100x80000000000000006956699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5644663e2261055b2022-01-05 10:01:40.220root 11241100x80000000000000006956700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.220{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21f6fd9140cbc432022-01-05 10:01:40.220root 11241100x80000000000000006956701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7773347fa899b1952022-01-05 10:01:40.221root 11241100x80000000000000006956702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a614629dca8552cb2022-01-05 10:01:40.221root 11241100x80000000000000006956703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ac7af36fc66bb42022-01-05 10:01:40.221root 11241100x80000000000000006956704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d534b59cc207442022-01-05 10:01:40.221root 11241100x80000000000000006956705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96fa3d94453a7c42022-01-05 10:01:40.221root 11241100x80000000000000006956706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bc0f8c8f1f69d52022-01-05 10:01:40.221root 11241100x80000000000000006956707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421aedf1789260582022-01-05 10:01:40.221root 11241100x80000000000000006956708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd50079f6c5bcb8a2022-01-05 10:01:40.221root 11241100x80000000000000006956709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.221{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3eb6d4824eac3eb2022-01-05 10:01:40.221root 11241100x80000000000000006956710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3731f9e25723e12022-01-05 10:01:40.710root 11241100x80000000000000006956711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb81ffd7d5dfbfd92022-01-05 10:01:40.710root 11241100x80000000000000006956712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480a519185732b0b2022-01-05 10:01:40.710root 11241100x80000000000000006956713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1169d17c57f6642022-01-05 10:01:40.710root 11241100x80000000000000006956714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf980471e8ab66a2022-01-05 10:01:40.710root 11241100x80000000000000006956715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bcb6d34a28502e2022-01-05 10:01:40.710root 11241100x80000000000000006956716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff0fcb75709780e2022-01-05 10:01:40.710root 11241100x80000000000000006956717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee118b16ee44a952022-01-05 10:01:40.710root 11241100x80000000000000006956718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0a42cbc6c47fd92022-01-05 10:01:40.711root 11241100x80000000000000006956719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c7e8202f6e30c72022-01-05 10:01:40.711root 11241100x80000000000000006956720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20eef810cd804b0e2022-01-05 10:01:40.711root 11241100x80000000000000006956721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1cfe59ece9ca2c2022-01-05 10:01:40.711root 11241100x80000000000000006956722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8a3fea20ff94a32022-01-05 10:01:40.711root 11241100x80000000000000006956723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5fa10136f3706c2022-01-05 10:01:40.711root 11241100x80000000000000006956724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2118acdece48a82022-01-05 10:01:40.711root 11241100x80000000000000006956725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a2b905e41ab24a2022-01-05 10:01:40.711root 11241100x80000000000000006956726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ec58bf20a7f94d2022-01-05 10:01:40.711root 11241100x80000000000000006956727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef1678f1887a1142022-01-05 10:01:40.712root 11241100x80000000000000006956728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168d9483e45241522022-01-05 10:01:40.712root 11241100x80000000000000006956729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96f8f13c0e053e92022-01-05 10:01:40.712root 11241100x80000000000000006956730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3036794ff499c82022-01-05 10:01:40.712root 11241100x80000000000000006956731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1458ea3ab8a62592022-01-05 10:01:40.712root 11241100x80000000000000006956732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bd66f1e3cb7afe2022-01-05 10:01:40.712root 11241100x80000000000000006956733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c2e36e720fefa42022-01-05 10:01:40.712root 11241100x80000000000000006956734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c3b615df25b0692022-01-05 10:01:40.712root 11241100x80000000000000006956735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec63be9d4cf87a32022-01-05 10:01:40.712root 11241100x80000000000000006956736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b926439217e71f432022-01-05 10:01:40.713root 11241100x80000000000000006956737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bfddb8013d01f72022-01-05 10:01:40.713root 11241100x80000000000000006956738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce56c41b884a643c2022-01-05 10:01:40.713root 11241100x80000000000000006956739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbec5829afffd1c72022-01-05 10:01:40.713root 11241100x80000000000000006956740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f069b6a694116e9d2022-01-05 10:01:40.713root 11241100x80000000000000006956741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa46af0d8934db42022-01-05 10:01:40.713root 11241100x80000000000000006956742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e89cee142b6f9e42022-01-05 10:01:40.713root 11241100x80000000000000006956743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1327ea66363f99d2022-01-05 10:01:40.713root 11241100x80000000000000006956744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35194401259a6422022-01-05 10:01:40.713root 11241100x80000000000000006956745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74431584fbc68cd12022-01-05 10:01:40.713root 11241100x80000000000000006956746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cbedffe11aaf3d2022-01-05 10:01:40.713root 11241100x80000000000000006956747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8300fdda2d8a652022-01-05 10:01:40.713root 11241100x80000000000000006956748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1404b95d8d90ef12022-01-05 10:01:40.714root 11241100x80000000000000006956749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd6994a779bc6452022-01-05 10:01:40.714root 11241100x80000000000000006956750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c432741b4d2542052022-01-05 10:01:40.714root 11241100x80000000000000006956751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9793d1bac4ce042022-01-05 10:01:40.714root 11241100x80000000000000006956752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518e7a7265bc5b062022-01-05 10:01:40.714root 11241100x80000000000000006956753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e06992405af7ce2022-01-05 10:01:40.714root 11241100x80000000000000006956754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861f4df592fe0ba32022-01-05 10:01:40.714root 11241100x80000000000000006956755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f31c58d05c148b52022-01-05 10:01:40.714root 11241100x80000000000000006956756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c8a2dd45d31aa52022-01-05 10:01:40.714root 11241100x80000000000000006956757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb482342612992e2022-01-05 10:01:40.714root 11241100x80000000000000006956758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd80b887beefb88e2022-01-05 10:01:40.714root 11241100x80000000000000006956759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3350ce09162ef12022-01-05 10:01:40.714root 11241100x80000000000000006956760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153c3dbab8d177c72022-01-05 10:01:40.714root 11241100x80000000000000006956761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94817f597938219e2022-01-05 10:01:40.714root 11241100x80000000000000006956762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e232890f2d476e2022-01-05 10:01:40.714root 11241100x80000000000000006956763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7005d90682a5fa72022-01-05 10:01:40.715root 11241100x80000000000000006956764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb129e1db7a37ab2022-01-05 10:01:40.715root 11241100x80000000000000006956765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74ab9b7eac082c72022-01-05 10:01:40.715root 11241100x80000000000000006956766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f993fb6fd7cf10ab2022-01-05 10:01:40.715root 11241100x80000000000000006956767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4778fd52022734902022-01-05 10:01:40.715root 11241100x80000000000000006956768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:40.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e7abb2f7123e702022-01-05 10:01:40.715root 11241100x80000000000000006956769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656746509473e7552022-01-05 10:01:41.209root 11241100x80000000000000006956770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4a67265721ab6f2022-01-05 10:01:41.209root 11241100x80000000000000006956771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1b8c27de40e5222022-01-05 10:01:41.210root 11241100x80000000000000006956772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d305a87e3196e9252022-01-05 10:01:41.210root 11241100x80000000000000006956773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d02a71f9d93d402022-01-05 10:01:41.210root 11241100x80000000000000006956774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e910f5f08519aaf2022-01-05 10:01:41.210root 11241100x80000000000000006956775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4cdd658cc8ce8b2022-01-05 10:01:41.210root 11241100x80000000000000006956776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddee6b2d3eda9d22022-01-05 10:01:41.210root 11241100x80000000000000006956777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8dfd15d5689c2f2022-01-05 10:01:41.211root 11241100x80000000000000006956778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df68fcfb38e41abe2022-01-05 10:01:41.211root 11241100x80000000000000006956779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a83a19cb16dd702022-01-05 10:01:41.211root 11241100x80000000000000006956780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf33ed689a703fbd2022-01-05 10:01:41.211root 11241100x80000000000000006956781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8483553db000ef032022-01-05 10:01:41.211root 11241100x80000000000000006956782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bbc598e8b816012022-01-05 10:01:41.211root 11241100x80000000000000006956783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad4eaacc8712fb12022-01-05 10:01:41.211root 11241100x80000000000000006956784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee95e90a6c0b33c2022-01-05 10:01:41.212root 11241100x80000000000000006956785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759ce117e137bea32022-01-05 10:01:41.212root 11241100x80000000000000006956786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7813d74c54aad7302022-01-05 10:01:41.213root 11241100x80000000000000006956787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5baee3d96aa14f832022-01-05 10:01:41.213root 11241100x80000000000000006956788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b874359ec5a251392022-01-05 10:01:41.213root 11241100x80000000000000006956789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6621206cc370292022-01-05 10:01:41.214root 11241100x80000000000000006956790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01b07fd836879802022-01-05 10:01:41.214root 11241100x80000000000000006956791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726ecb570c9d7e0b2022-01-05 10:01:41.214root 11241100x80000000000000006956792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e533f41f1680cb2022-01-05 10:01:41.214root 11241100x80000000000000006956793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d6ad6e16b701a92022-01-05 10:01:41.215root 11241100x80000000000000006956794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57245d8262bfdd0d2022-01-05 10:01:41.215root 11241100x80000000000000006956795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ceddca7d1b51962022-01-05 10:01:41.215root 11241100x80000000000000006956796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c9f1951f911e2d2022-01-05 10:01:41.215root 11241100x80000000000000006956797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219c28b081c7e9212022-01-05 10:01:41.215root 11241100x80000000000000006956798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d87afe5e00aa0b2022-01-05 10:01:41.215root 11241100x80000000000000006956799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1a28dce289e4152022-01-05 10:01:41.215root 11241100x80000000000000006956800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852ac4c6d9093f402022-01-05 10:01:41.215root 11241100x80000000000000006956801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447ca87a0c2648e52022-01-05 10:01:41.215root 11241100x80000000000000006956802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc06b55dc0467c32022-01-05 10:01:41.216root 11241100x80000000000000006956803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf49124826e24d932022-01-05 10:01:41.216root 11241100x80000000000000006956804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4361dcdbfacc4a4d2022-01-05 10:01:41.216root 11241100x80000000000000006956805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1357fe0ea7fd09672022-01-05 10:01:41.216root 11241100x80000000000000006956806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236386aac6d98ae52022-01-05 10:01:41.216root 11241100x80000000000000006956807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec54a93c2badf792022-01-05 10:01:41.216root 11241100x80000000000000006956808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d2175b1b09184f2022-01-05 10:01:41.216root 11241100x80000000000000006956809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d014ad0c6c4fab2022-01-05 10:01:41.217root 11241100x80000000000000006956810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197015a5f4f722d82022-01-05 10:01:41.217root 11241100x80000000000000006956811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c784f69a488f36f2022-01-05 10:01:41.217root 11241100x80000000000000006956812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7290b44f24230e62022-01-05 10:01:41.217root 11241100x80000000000000006956813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e22b78720e6ec82022-01-05 10:01:41.217root 11241100x80000000000000006956814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e26fc1a0ef163232022-01-05 10:01:41.217root 11241100x80000000000000006956815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19404cc988a12ab12022-01-05 10:01:41.217root 11241100x80000000000000006956816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a91bde1c47246232022-01-05 10:01:41.218root 11241100x80000000000000006956817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6145ae6ddf0f4cac2022-01-05 10:01:41.218root 11241100x80000000000000006956818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ca55d39ad5d95b2022-01-05 10:01:41.218root 11241100x80000000000000006956819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e5490252733a252022-01-05 10:01:41.218root 11241100x80000000000000006956820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad1d293756d0bea2022-01-05 10:01:41.218root 11241100x80000000000000006956821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6693722dc414e252022-01-05 10:01:41.218root 11241100x80000000000000006956822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c3f9d1b7c04c5b2022-01-05 10:01:41.218root 11241100x80000000000000006956823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b6c0a368e6dfef2022-01-05 10:01:41.709root 11241100x80000000000000006956824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52101f710ddaaf532022-01-05 10:01:41.709root 11241100x80000000000000006956825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa712cd5c7812b0d2022-01-05 10:01:41.710root 11241100x80000000000000006956826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95317f3349f420c32022-01-05 10:01:41.710root 11241100x80000000000000006956827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28735ca0f312d9f2022-01-05 10:01:41.710root 11241100x80000000000000006956828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5515a2a8a884642022-01-05 10:01:41.710root 11241100x80000000000000006956829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866564839df9e8fe2022-01-05 10:01:41.710root 11241100x80000000000000006956830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7370040726cdb22022-01-05 10:01:41.710root 11241100x80000000000000006956831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56aeb2c171c1eb582022-01-05 10:01:41.710root 11241100x80000000000000006956832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7929afd074e82022022-01-05 10:01:41.710root 11241100x80000000000000006956833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa1f5b0a415d79e2022-01-05 10:01:41.710root 11241100x80000000000000006956834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cb572fad70591f2022-01-05 10:01:41.711root 11241100x80000000000000006956835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98eb117e141ffb72022-01-05 10:01:41.711root 11241100x80000000000000006956836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee33f1ba79a87a082022-01-05 10:01:41.711root 11241100x80000000000000006956837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8276a9c63541b352022-01-05 10:01:41.711root 11241100x80000000000000006956838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984953fb765ae22f2022-01-05 10:01:41.711root 11241100x80000000000000006956839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559cef1cac062d6f2022-01-05 10:01:41.711root 11241100x80000000000000006956840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a31eac42a17ea22022-01-05 10:01:41.711root 11241100x80000000000000006956841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c984994bdc950e2022-01-05 10:01:41.711root 11241100x80000000000000006956842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b222828910ae28e62022-01-05 10:01:41.711root 11241100x80000000000000006956843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a29757a42b82772022-01-05 10:01:41.711root 11241100x80000000000000006956844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da2a4333c75e59b2022-01-05 10:01:41.712root 11241100x80000000000000006956845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589710bcc8f44e522022-01-05 10:01:41.712root 11241100x80000000000000006956846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd3e22c23f42dba2022-01-05 10:01:41.712root 11241100x80000000000000006956847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a865465bf43f573c2022-01-05 10:01:41.712root 11241100x80000000000000006956848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f003a7a6bee0072022-01-05 10:01:41.712root 11241100x80000000000000006956849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0ac0bb2ff45dc72022-01-05 10:01:41.712root 11241100x80000000000000006956850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4eb36300ca0bf4c2022-01-05 10:01:41.712root 11241100x80000000000000006956851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec13569e9a37a1cf2022-01-05 10:01:41.712root 11241100x80000000000000006956852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be452e13b4f9271f2022-01-05 10:01:41.712root 11241100x80000000000000006956853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca4892e33f331da2022-01-05 10:01:41.713root 11241100x80000000000000006956854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fba963ac681d4b02022-01-05 10:01:41.713root 11241100x80000000000000006956855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1caf1b2790e547dd2022-01-05 10:01:41.713root 11241100x80000000000000006956856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b3179f53e092a22022-01-05 10:01:41.713root 11241100x80000000000000006956857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69ceffe8a13f0932022-01-05 10:01:41.713root 11241100x80000000000000006956858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b42bb318fd65fe32022-01-05 10:01:41.713root 11241100x80000000000000006956859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8122a63ff769a32022-01-05 10:01:41.713root 11241100x80000000000000006956860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2dd56e36d46d8932022-01-05 10:01:41.713root 11241100x80000000000000006956861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430dbf957d8d83ed2022-01-05 10:01:41.713root 11241100x80000000000000006956862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984ae70db20938ac2022-01-05 10:01:41.713root 11241100x80000000000000006956863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb50551139bb5d22022-01-05 10:01:41.713root 11241100x80000000000000006956864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91369cae28b6be262022-01-05 10:01:41.713root 11241100x80000000000000006956865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87b9bfbdb568f622022-01-05 10:01:41.714root 11241100x80000000000000006956866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f5b778ba529c672022-01-05 10:01:41.714root 11241100x80000000000000006956867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f5ce1c3ff323442022-01-05 10:01:41.714root 11241100x80000000000000006956868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428e17f7b85c3c042022-01-05 10:01:41.714root 11241100x80000000000000006956869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581d06ce2103bc632022-01-05 10:01:41.714root 11241100x80000000000000006956870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b0cdfead42ccb22022-01-05 10:01:41.714root 11241100x80000000000000006956871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09eae61794048e22022-01-05 10:01:41.714root 11241100x80000000000000006956872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac62c4ecc9f05ba62022-01-05 10:01:41.714root 11241100x80000000000000006956873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e17dbf67cfd6e92022-01-05 10:01:41.714root 11241100x80000000000000006956874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1580041fce93cf972022-01-05 10:01:41.714root 11241100x80000000000000006956875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1691ea1da4b5cf2022-01-05 10:01:41.714root 11241100x80000000000000006956876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3592cbdc2bb520492022-01-05 10:01:41.714root 11241100x80000000000000006956877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de20bd39f4a7d2b22022-01-05 10:01:41.714root 11241100x80000000000000006956878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad71a2903e7c13372022-01-05 10:01:41.714root 11241100x80000000000000006956879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74d8a06cae73fbd2022-01-05 10:01:41.715root 11241100x80000000000000006956880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7533e6be68427d42022-01-05 10:01:41.715root 11241100x80000000000000006956881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4633925a54b2682022-01-05 10:01:41.715root 11241100x80000000000000006956882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27972ad67b9ae4c92022-01-05 10:01:41.715root 11241100x80000000000000006956883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5c05e8af46410a2022-01-05 10:01:41.715root 11241100x80000000000000006956884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e57c5b00c4cf5db2022-01-05 10:01:41.715root 11241100x80000000000000006956885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab95f087b3940a82022-01-05 10:01:41.715root 11241100x80000000000000006956886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:41.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266badf25726757e2022-01-05 10:01:41.715root 11241100x80000000000000006956887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e6d93df13a959d2022-01-05 10:01:42.209root 11241100x80000000000000006956888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a8790c12256bd82022-01-05 10:01:42.209root 11241100x80000000000000006956889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11516c3f06fc11dc2022-01-05 10:01:42.210root 11241100x80000000000000006956890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6abfdd0e071f83b2022-01-05 10:01:42.210root 11241100x80000000000000006956891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb258ec620b29162022-01-05 10:01:42.210root 11241100x80000000000000006956892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46db30f9cb5312582022-01-05 10:01:42.210root 11241100x80000000000000006956893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51314136decc51f2022-01-05 10:01:42.210root 11241100x80000000000000006956894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1f1230b5d8f7042022-01-05 10:01:42.210root 11241100x80000000000000006956895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98ac97cf3513f142022-01-05 10:01:42.210root 11241100x80000000000000006956896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6169f64aa7512a2022-01-05 10:01:42.210root 11241100x80000000000000006956897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0ad96c316ebaab2022-01-05 10:01:42.210root 11241100x80000000000000006956898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de00273dd93b8852022-01-05 10:01:42.210root 11241100x80000000000000006956899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e138858a9ca4cc2022-01-05 10:01:42.211root 11241100x80000000000000006956900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb29c25c95c206d2022-01-05 10:01:42.211root 11241100x80000000000000006956901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3bfe271b02d9e92022-01-05 10:01:42.211root 11241100x80000000000000006956902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2985e386150c5d42022-01-05 10:01:42.211root 11241100x80000000000000006956903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d340a5c57a8f9d72022-01-05 10:01:42.211root 11241100x80000000000000006956904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e03a7ece352a0de52022-01-05 10:01:42.211root 11241100x80000000000000006956905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45da0f6d1b526dc2022-01-05 10:01:42.211root 11241100x80000000000000006956906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65acfcecac836cf22022-01-05 10:01:42.211root 11241100x80000000000000006956907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff818e08281a2d122022-01-05 10:01:42.211root 11241100x80000000000000006956908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064a6d5b3b62a8932022-01-05 10:01:42.211root 11241100x80000000000000006956909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32964163b22b56e2022-01-05 10:01:42.212root 11241100x80000000000000006956910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121118f11fc2b8e62022-01-05 10:01:42.212root 11241100x80000000000000006956911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9aa203faba912a52022-01-05 10:01:42.212root 11241100x80000000000000006956912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c89bf6336cbbf12022-01-05 10:01:42.212root 11241100x80000000000000006956913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e6bdfd1c29b9052022-01-05 10:01:42.212root 11241100x80000000000000006956914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f988be0ae680c2022022-01-05 10:01:42.212root 11241100x80000000000000006956915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9c132ee22e51f52022-01-05 10:01:42.212root 11241100x80000000000000006956916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c48aeece128a572022-01-05 10:01:42.212root 11241100x80000000000000006956917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830cf43cd43d70eb2022-01-05 10:01:42.212root 11241100x80000000000000006956918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9efd4b6aeaf23de2022-01-05 10:01:42.212root 11241100x80000000000000006956919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd9c98ea498701d2022-01-05 10:01:42.212root 11241100x80000000000000006956920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3db8e32791b7c282022-01-05 10:01:42.213root 11241100x80000000000000006956921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95d618ef4cc763d2022-01-05 10:01:42.213root 11241100x80000000000000006956922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1665de707bd27092022-01-05 10:01:42.213root 11241100x80000000000000006956923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb19831cf4e77cc32022-01-05 10:01:42.213root 11241100x80000000000000006956924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eba4300bbdbf19e2022-01-05 10:01:42.213root 11241100x80000000000000006956925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e8caf553eae8a52022-01-05 10:01:42.213root 11241100x80000000000000006956926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79481495e8f11af2022-01-05 10:01:42.213root 11241100x80000000000000006956927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8563123443d942c2022-01-05 10:01:42.213root 11241100x80000000000000006956928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2eebf2f4cb4ac0b2022-01-05 10:01:42.213root 11241100x80000000000000006956929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91585caf5cde70e72022-01-05 10:01:42.213root 11241100x80000000000000006956930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f907ce7ab91db41d2022-01-05 10:01:42.213root 11241100x80000000000000006956931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8597ca9f1599d032022-01-05 10:01:42.213root 11241100x80000000000000006956932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523f1e7e76e9835a2022-01-05 10:01:42.214root 11241100x80000000000000006956933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecf975ccd0bc3452022-01-05 10:01:42.214root 11241100x80000000000000006956934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64e796077f2ecd22022-01-05 10:01:42.214root 11241100x80000000000000006956935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e882cc7982fc5452022-01-05 10:01:42.214root 11241100x80000000000000006956936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fa056eb5a373fc2022-01-05 10:01:42.214root 11241100x80000000000000006956937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0ad0351c9123d02022-01-05 10:01:42.214root 11241100x80000000000000006956938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4789e9dba8765da12022-01-05 10:01:42.214root 11241100x80000000000000006956939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9471901c967137862022-01-05 10:01:42.214root 11241100x80000000000000006956940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782614be58b16e232022-01-05 10:01:42.214root 11241100x80000000000000006956941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257a317d619bddfd2022-01-05 10:01:42.214root 11241100x80000000000000006956942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f70e5bc7c9b9612022-01-05 10:01:42.215root 11241100x80000000000000006956943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c0cf50a9b3f9102022-01-05 10:01:42.215root 11241100x80000000000000006956944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192159bb5c19cf712022-01-05 10:01:42.215root 11241100x80000000000000006956945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802a069fa623b8bf2022-01-05 10:01:42.215root 11241100x80000000000000006956946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70db78febcbc61e72022-01-05 10:01:42.215root 11241100x80000000000000006956947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d311dbe690480e12022-01-05 10:01:42.215root 11241100x80000000000000006956948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cef9ee60057d9062022-01-05 10:01:42.215root 11241100x80000000000000006956949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c860e6694d076c2022-01-05 10:01:42.215root 11241100x80000000000000006956950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4e03ce8c8beaea2022-01-05 10:01:42.215root 11241100x80000000000000006956951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f232303f0581a1b12022-01-05 10:01:42.215root 11241100x80000000000000006956952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e3e761091096812022-01-05 10:01:42.215root 11241100x80000000000000006956953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148a99a88bb5ffbe2022-01-05 10:01:42.710root 11241100x80000000000000006956954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0164204ff9c746072022-01-05 10:01:42.710root 11241100x80000000000000006956955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf837bd19a389e6f2022-01-05 10:01:42.710root 11241100x80000000000000006956956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69b34a878e5c3442022-01-05 10:01:42.710root 11241100x80000000000000006956957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a9e9fa6aa928572022-01-05 10:01:42.710root 11241100x80000000000000006956958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e154bb741853e072022-01-05 10:01:42.710root 11241100x80000000000000006956959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6513b4ca968dc1e2022-01-05 10:01:42.710root 11241100x80000000000000006956960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c102ac15a8cb39d42022-01-05 10:01:42.710root 11241100x80000000000000006956961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a17d8daf59c2c72022-01-05 10:01:42.711root 11241100x80000000000000006956962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd3403ecc86831e2022-01-05 10:01:42.711root 11241100x80000000000000006956963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb967ff8c5ff27f42022-01-05 10:01:42.711root 11241100x80000000000000006956964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518a4f7ffa10663e2022-01-05 10:01:42.711root 11241100x80000000000000006956965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f24ec96fb608bc42022-01-05 10:01:42.711root 11241100x80000000000000006956966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45517c08821832532022-01-05 10:01:42.711root 11241100x80000000000000006956967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3c94078841c93f2022-01-05 10:01:42.711root 11241100x80000000000000006956968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8f9b39c02c57a22022-01-05 10:01:42.711root 11241100x80000000000000006956969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437c4be9ee11cad52022-01-05 10:01:42.711root 11241100x80000000000000006956970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16b978de8340e9a2022-01-05 10:01:42.711root 11241100x80000000000000006956971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcd903a7ce3299b2022-01-05 10:01:42.712root 11241100x80000000000000006956972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbe8111b8bea00d2022-01-05 10:01:42.712root 11241100x80000000000000006956973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b97bb52a5dbf6b2022-01-05 10:01:42.712root 11241100x80000000000000006956974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61c6e8f86ed581c2022-01-05 10:01:42.712root 11241100x80000000000000006956975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8928d367e3cdf6712022-01-05 10:01:42.712root 11241100x80000000000000006956976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a497227cee48f36f2022-01-05 10:01:42.712root 11241100x80000000000000006956977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508a523f70cb3a5f2022-01-05 10:01:42.712root 11241100x80000000000000006956978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc17e3eabd3dd352022-01-05 10:01:42.713root 11241100x80000000000000006956979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9208ca14e18237b2022-01-05 10:01:42.713root 11241100x80000000000000006956980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5dcdda28b5fcd502022-01-05 10:01:42.714root 11241100x80000000000000006956981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48743347d6b3a5c2022-01-05 10:01:42.714root 11241100x80000000000000006956982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4079b956e83777742022-01-05 10:01:42.714root 11241100x80000000000000006956983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3359ef7ea57675d2022-01-05 10:01:42.714root 11241100x80000000000000006956984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b203eff142daeb1f2022-01-05 10:01:42.714root 11241100x80000000000000006956985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10a358c1c599b302022-01-05 10:01:42.714root 11241100x80000000000000006956986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f268a44a2ee5282022-01-05 10:01:42.714root 11241100x80000000000000006956987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c3fc16daabbd542022-01-05 10:01:42.715root 11241100x80000000000000006956988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6283c4239c91802022-01-05 10:01:42.715root 11241100x80000000000000006956989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151ea01a5f374f152022-01-05 10:01:42.715root 11241100x80000000000000006956990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adc27bce24106082022-01-05 10:01:42.715root 11241100x80000000000000006956991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ab559e95b73f492022-01-05 10:01:42.715root 11241100x80000000000000006956992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddeec6127e23a94b2022-01-05 10:01:42.715root 11241100x80000000000000006956993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb91530a07544c12022-01-05 10:01:42.715root 11241100x80000000000000006956994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77a6a915f4337562022-01-05 10:01:42.715root 11241100x80000000000000006956995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de72951dfd5457492022-01-05 10:01:42.715root 11241100x80000000000000006956996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e642d90e68a3cc62022-01-05 10:01:42.716root 11241100x80000000000000006956997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d41317e924bdd42022-01-05 10:01:42.716root 11241100x80000000000000006956998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8f76b3790da6612022-01-05 10:01:42.716root 11241100x80000000000000006956999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6522d1d53ab099d2022-01-05 10:01:42.716root 11241100x80000000000000006957000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578c238c1cb1ecdd2022-01-05 10:01:42.716root 11241100x80000000000000006957001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022eccbd225893df2022-01-05 10:01:42.716root 11241100x80000000000000006957002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c5a4d4ede4840b2022-01-05 10:01:42.716root 11241100x80000000000000006957003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1c8d2ca5bdb0f22022-01-05 10:01:42.716root 11241100x80000000000000006957004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e7f5b2b78aae402022-01-05 10:01:42.717root 11241100x80000000000000006957005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0347084d9e782392022-01-05 10:01:42.717root 11241100x80000000000000006957006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a716da4b5e525eb2022-01-05 10:01:42.717root 11241100x80000000000000006957007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f18480804d747a72022-01-05 10:01:42.717root 11241100x80000000000000006957008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d4a2ef76b8c1dc2022-01-05 10:01:42.717root 11241100x80000000000000006957009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b756e84fa8bc7ee2022-01-05 10:01:42.717root 11241100x80000000000000006957010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8098a00d39fd042022-01-05 10:01:42.717root 11241100x80000000000000006957011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a57b195367af1bc2022-01-05 10:01:42.718root 11241100x80000000000000006957012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d751a22ba77b1b832022-01-05 10:01:42.718root 11241100x80000000000000006957013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532ff6d3dd0e2fd12022-01-05 10:01:42.718root 11241100x80000000000000006957014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:42.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394727224fa9b4a22022-01-05 10:01:42.718root 11241100x80000000000000006957015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da6d6cc0796da912022-01-05 10:01:43.209root 11241100x80000000000000006957016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01079d00a73f51b32022-01-05 10:01:43.210root 11241100x80000000000000006957017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3297fbfa625d85ea2022-01-05 10:01:43.210root 11241100x80000000000000006957018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa3e1bf9fd544f72022-01-05 10:01:43.210root 11241100x80000000000000006957019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e855a78ebefca0bd2022-01-05 10:01:43.210root 11241100x80000000000000006957020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fae74fb335d8ac2022-01-05 10:01:43.210root 11241100x80000000000000006957021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ecf21575fc3ed82022-01-05 10:01:43.211root 11241100x80000000000000006957022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56bacf2ad772db82022-01-05 10:01:43.211root 11241100x80000000000000006957023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a937d67b9f83dd22022-01-05 10:01:43.211root 11241100x80000000000000006957024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a76b4ccb62393432022-01-05 10:01:43.211root 11241100x80000000000000006957025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c72385a081629f2022-01-05 10:01:43.211root 11241100x80000000000000006957026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0472d056f0440a7f2022-01-05 10:01:43.212root 11241100x80000000000000006957027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0b09200b9ce3fd2022-01-05 10:01:43.212root 11241100x80000000000000006957028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21c64aa6ac7987d2022-01-05 10:01:43.212root 11241100x80000000000000006957029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc68e675cb5573f2022-01-05 10:01:43.212root 11241100x80000000000000006957030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbdf394074270842022-01-05 10:01:43.212root 11241100x80000000000000006957031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68ea748d916dc4b2022-01-05 10:01:43.212root 11241100x80000000000000006957032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4a30ed66cfd7d52022-01-05 10:01:43.212root 11241100x80000000000000006957033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bb7ee09f1f3ec22022-01-05 10:01:43.212root 11241100x80000000000000006957034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61808b77574eccad2022-01-05 10:01:43.212root 11241100x80000000000000006957035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc187987bb9e720b2022-01-05 10:01:43.212root 11241100x80000000000000006957036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8483eaba96e235f12022-01-05 10:01:43.212root 11241100x80000000000000006957037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd94ae5a8da9ab62022-01-05 10:01:43.212root 11241100x80000000000000006957038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5c9260551b709c2022-01-05 10:01:43.212root 11241100x80000000000000006957039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a3a77523df33c32022-01-05 10:01:43.212root 11241100x80000000000000006957040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecee7b6cb3eceb3c2022-01-05 10:01:43.213root 11241100x80000000000000006957041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b878966fe62b56e2022-01-05 10:01:43.213root 11241100x80000000000000006957042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a1b32ef7e956812022-01-05 10:01:43.213root 11241100x80000000000000006957043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357cfc18d8973b9f2022-01-05 10:01:43.213root 11241100x80000000000000006957044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2ef9e4465855402022-01-05 10:01:43.213root 11241100x80000000000000006957045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259bf7778ea00c8e2022-01-05 10:01:43.213root 11241100x80000000000000006957046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895416da770a86782022-01-05 10:01:43.213root 11241100x80000000000000006957047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3625da32ec73a1b12022-01-05 10:01:43.213root 11241100x80000000000000006957048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17222fea142434a82022-01-05 10:01:43.213root 11241100x80000000000000006957049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7308588076b01c2022-01-05 10:01:43.213root 11241100x80000000000000006957050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0f1d3d4b7ce1ea2022-01-05 10:01:43.213root 11241100x80000000000000006957051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c954ae61c52c1bf62022-01-05 10:01:43.214root 11241100x80000000000000006957052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff9704d91ea02b92022-01-05 10:01:43.214root 11241100x80000000000000006957053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb74fcdc32d1ed32022-01-05 10:01:43.214root 11241100x80000000000000006957054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503c82923854e0e62022-01-05 10:01:43.214root 11241100x80000000000000006957055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc83a3cf5f8fa512022-01-05 10:01:43.214root 11241100x80000000000000006957056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae8edac61a3cb502022-01-05 10:01:43.214root 11241100x80000000000000006957057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1dd49afe9499e032022-01-05 10:01:43.214root 11241100x80000000000000006957058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ea16bf27e8b5ac2022-01-05 10:01:43.218root 11241100x80000000000000006957059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39085f2fade8e5152022-01-05 10:01:43.218root 11241100x80000000000000006957060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fb1b584c6f440a2022-01-05 10:01:43.219root 11241100x80000000000000006957061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefc1be93e00b5e02022-01-05 10:01:43.219root 11241100x80000000000000006957062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a850a7762fa80c2022-01-05 10:01:43.709root 11241100x80000000000000006957063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a52468137b779162022-01-05 10:01:43.709root 11241100x80000000000000006957064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ee736f716495752022-01-05 10:01:43.710root 11241100x80000000000000006957065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3df8351c0bbc252022-01-05 10:01:43.710root 11241100x80000000000000006957066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8115bdf04f755c442022-01-05 10:01:43.710root 11241100x80000000000000006957067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba84c8f75ec8c3fd2022-01-05 10:01:43.710root 11241100x80000000000000006957068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663e74475649e1e92022-01-05 10:01:43.710root 11241100x80000000000000006957069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b6d4c7ed2d29e22022-01-05 10:01:43.710root 11241100x80000000000000006957070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352e2c2c920ffd6d2022-01-05 10:01:43.711root 11241100x80000000000000006957071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4d14c40f1de4aa2022-01-05 10:01:43.712root 11241100x80000000000000006957072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba7121ce418b5552022-01-05 10:01:43.712root 11241100x80000000000000006957073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883badf72c345c1b2022-01-05 10:01:43.712root 11241100x80000000000000006957074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb46ecb2f4af6a02022-01-05 10:01:43.712root 11241100x80000000000000006957075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a0016a1ffe47a22022-01-05 10:01:43.712root 11241100x80000000000000006957076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f23d799bcb1c352022-01-05 10:01:43.712root 11241100x80000000000000006957077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e32c48f8e66aa12022-01-05 10:01:43.712root 11241100x80000000000000006957078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c91fb643d735922022-01-05 10:01:43.712root 11241100x80000000000000006957079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a13c8b5b2d12172022-01-05 10:01:43.713root 11241100x80000000000000006957080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57dbf022e26251f72022-01-05 10:01:43.713root 11241100x80000000000000006957081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657d0b1f0515ea6b2022-01-05 10:01:43.713root 11241100x80000000000000006957082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff13491d29806f42022-01-05 10:01:43.714root 11241100x80000000000000006957083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1127ee4f4f25dd2022-01-05 10:01:43.714root 11241100x80000000000000006957084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfdc96ec6fd62ec2022-01-05 10:01:43.714root 11241100x80000000000000006957085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273eefd667c117ae2022-01-05 10:01:43.714root 11241100x80000000000000006957086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9644f0b53e786b7f2022-01-05 10:01:43.714root 11241100x80000000000000006957087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f24342bc0e2ced82022-01-05 10:01:43.714root 11241100x80000000000000006957088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7bf53797266efa2022-01-05 10:01:43.714root 11241100x80000000000000006957089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166aa2723ce219c52022-01-05 10:01:43.714root 11241100x80000000000000006957090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66535a8c7248020b2022-01-05 10:01:43.715root 11241100x80000000000000006957091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f98882c6fcd0432022-01-05 10:01:43.715root 11241100x80000000000000006957092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ed093872d4ffba2022-01-05 10:01:43.715root 11241100x80000000000000006957093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a33e7bac78abf062022-01-05 10:01:43.715root 11241100x80000000000000006957094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae2749ce92661412022-01-05 10:01:43.715root 11241100x80000000000000006957095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654bb78c6d2075872022-01-05 10:01:43.715root 11241100x80000000000000006957096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11c68fdd03963912022-01-05 10:01:43.715root 11241100x80000000000000006957097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c07303e734cc5852022-01-05 10:01:43.715root 11241100x80000000000000006957098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3618d37a17467d32022-01-05 10:01:43.715root 11241100x80000000000000006957099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67e9c2dd3b96ad52022-01-05 10:01:43.716root 11241100x80000000000000006957100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe2842d52aed0992022-01-05 10:01:43.716root 11241100x80000000000000006957101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20aed797eb753d8a2022-01-05 10:01:43.716root 11241100x80000000000000006957102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18652d99cc72625b2022-01-05 10:01:43.716root 11241100x80000000000000006957103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d6bfad722fe0ec2022-01-05 10:01:43.716root 11241100x80000000000000006957104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97eac8ffc7e965462022-01-05 10:01:43.716root 11241100x80000000000000006957105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d806d8a2e6abb5d2022-01-05 10:01:43.716root 11241100x80000000000000006957106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88928032af277f142022-01-05 10:01:43.716root 11241100x80000000000000006957107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5a03085b5891fb2022-01-05 10:01:43.716root 11241100x80000000000000006957108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eadd4211e1d024e2022-01-05 10:01:43.716root 11241100x80000000000000006957109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad84fa09f88b4782022-01-05 10:01:43.716root 11241100x80000000000000006957110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e73e0fc36b58be2022-01-05 10:01:43.716root 11241100x80000000000000006957111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5908686b8331f9d42022-01-05 10:01:43.716root 11241100x80000000000000006957112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c51b830491e2d3f2022-01-05 10:01:43.717root 11241100x80000000000000006957113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9858e3d7d505f4262022-01-05 10:01:43.717root 11241100x80000000000000006957114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12214af1338b42082022-01-05 10:01:43.717root 11241100x80000000000000006957115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25b275bc02cdd1a2022-01-05 10:01:43.717root 11241100x80000000000000006957116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d5b9a87a307daf2022-01-05 10:01:43.717root 11241100x80000000000000006957117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db59e45420b69742022-01-05 10:01:43.717root 11241100x80000000000000006957118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb6eb43b81834b32022-01-05 10:01:43.717root 11241100x80000000000000006957119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.717{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba8c41a974965b32022-01-05 10:01:43.717root 11241100x80000000000000006957120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10475d1a3fe7bb312022-01-05 10:01:43.718root 11241100x80000000000000006957121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fc54f7e223d6ae2022-01-05 10:01:43.718root 11241100x80000000000000006957122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acba98f44465c522022-01-05 10:01:43.718root 11241100x80000000000000006957123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e4124019799aab2022-01-05 10:01:43.718root 11241100x80000000000000006957124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba4141b05a698f62022-01-05 10:01:43.718root 11241100x80000000000000006957125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8663be3f0b76242022-01-05 10:01:43.718root 11241100x80000000000000006957126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e599f6f5278e6b862022-01-05 10:01:43.718root 11241100x80000000000000006957127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8dc412fdc857fd2022-01-05 10:01:43.718root 11241100x80000000000000006957128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7926f20ca62c0772022-01-05 10:01:43.718root 11241100x80000000000000006957129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:43.718{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73953e4c89dd1212022-01-05 10:01:43.718root 354300x80000000000000006957130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.199{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41692-false10.0.1.12-8000- 11241100x80000000000000006957131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.199{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d86ff2ad6785c12022-01-05 10:01:44.199root 11241100x80000000000000006957132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.199{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a924990a39695b82022-01-05 10:01:44.199root 11241100x80000000000000006957133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.201{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0719499d697950462022-01-05 10:01:44.201root 11241100x80000000000000006957134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.201{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21965d57e5b18dc2022-01-05 10:01:44.201root 11241100x80000000000000006957135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.201{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b25d9012ed29592022-01-05 10:01:44.201root 11241100x80000000000000006957136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.201{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb1ebcf2dcd10772022-01-05 10:01:44.201root 11241100x80000000000000006957137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.201{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb58ea878afbdbaf2022-01-05 10:01:44.201root 11241100x80000000000000006957138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.201{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c07517fda5d65772022-01-05 10:01:44.201root 11241100x80000000000000006957139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.201{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46108e40c3fac6ea2022-01-05 10:01:44.201root 11241100x80000000000000006957140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee6e432d231cdf22022-01-05 10:01:44.202root 11241100x80000000000000006957141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5613c88378e3608b2022-01-05 10:01:44.202root 11241100x80000000000000006957142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76ce6072237c44c2022-01-05 10:01:44.202root 11241100x80000000000000006957143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859c5f36b40b2bff2022-01-05 10:01:44.202root 11241100x80000000000000006957144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e3b7a36fcfcb3d2022-01-05 10:01:44.202root 11241100x80000000000000006957145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f93b7f38a254582022-01-05 10:01:44.202root 11241100x80000000000000006957146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa71f1cf9c6a81f2022-01-05 10:01:44.202root 11241100x80000000000000006957147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.202{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0885265f2e9a5e2022-01-05 10:01:44.202root 11241100x80000000000000006957148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.203{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457b1f3c888644fe2022-01-05 10:01:44.203root 11241100x80000000000000006957149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.204{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d242a2d6f11819e2022-01-05 10:01:44.204root 11241100x80000000000000006957150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.204{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1da0fe4f7fbd1f2022-01-05 10:01:44.204root 11241100x80000000000000006957151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.204{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e12ff1227a16a242022-01-05 10:01:44.204root 11241100x80000000000000006957152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.204{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4321a7c15bd198462022-01-05 10:01:44.204root 11241100x80000000000000006957153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.204{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc5b53e8ab9f6282022-01-05 10:01:44.204root 11241100x80000000000000006957154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.204{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec8ddc5593386412022-01-05 10:01:44.204root 11241100x80000000000000006957155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.204{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b07115dc1bf722e2022-01-05 10:01:44.204root 11241100x80000000000000006957156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.205{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8017c7ece9e33e12022-01-05 10:01:44.205root 11241100x80000000000000006957157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.205{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5e4d648fcb2dfa2022-01-05 10:01:44.205root 11241100x80000000000000006957158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.205{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1fdcea601bed9c2022-01-05 10:01:44.205root 11241100x80000000000000006957159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.206{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6738d83fc8cbadf2022-01-05 10:01:44.206root 11241100x80000000000000006957160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.208{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2289858d7408832022-01-05 10:01:44.208root 11241100x80000000000000006957161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01a1fadc04c1b042022-01-05 10:01:44.209root 11241100x80000000000000006957162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3ed98b07393cd72022-01-05 10:01:44.209root 11241100x80000000000000006957163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f925cac91e0d6a2022-01-05 10:01:44.209root 11241100x80000000000000006957164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a306c31726db3722022-01-05 10:01:44.209root 11241100x80000000000000006957165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf059a547f167192022-01-05 10:01:44.209root 11241100x80000000000000006957166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda1e810c3e8309d2022-01-05 10:01:44.209root 11241100x80000000000000006957167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e170023f41cece0a2022-01-05 10:01:44.209root 11241100x80000000000000006957168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7aa15e35144b202022-01-05 10:01:44.209root 11241100x80000000000000006957169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa21fd97153324fa2022-01-05 10:01:44.209root 11241100x80000000000000006957170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530f9d07f6e1e3a52022-01-05 10:01:44.210root 11241100x80000000000000006957171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76632ec3e9715f592022-01-05 10:01:44.460root 11241100x80000000000000006957172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d76f72884a82cb92022-01-05 10:01:44.460root 11241100x80000000000000006957173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb93ab51daa127fe2022-01-05 10:01:44.461root 11241100x80000000000000006957174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669bf6b132c866ee2022-01-05 10:01:44.461root 11241100x80000000000000006957175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212d361714b74a4c2022-01-05 10:01:44.461root 11241100x80000000000000006957176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf09079e57f6c6592022-01-05 10:01:44.462root 11241100x80000000000000006957177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0f34482abd0cd82022-01-05 10:01:44.462root 11241100x80000000000000006957178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa06486c8871944e2022-01-05 10:01:44.463root 11241100x80000000000000006957179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fab5a9a2fd17b02022-01-05 10:01:44.463root 11241100x80000000000000006957180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa7e41dabd45c522022-01-05 10:01:44.464root 11241100x80000000000000006957181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c578755b190acbb82022-01-05 10:01:44.464root 11241100x80000000000000006957182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cab13d46139d922022-01-05 10:01:44.465root 11241100x80000000000000006957183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bf51ba90445f7b2022-01-05 10:01:44.465root 11241100x80000000000000006957184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1876544ae5acc122022-01-05 10:01:44.465root 11241100x80000000000000006957185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d83d697db32b2fe2022-01-05 10:01:44.465root 11241100x80000000000000006957186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb564a02692db1662022-01-05 10:01:44.465root 11241100x80000000000000006957187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346f30fc7e792d0c2022-01-05 10:01:44.465root 11241100x80000000000000006957188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.465{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c6fe09817453d62022-01-05 10:01:44.465root 11241100x80000000000000006957189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bdbe675d07bede2022-01-05 10:01:44.466root 11241100x80000000000000006957190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b98ce598c4ed5ab2022-01-05 10:01:44.466root 11241100x80000000000000006957191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9e189ac79efb662022-01-05 10:01:44.466root 11241100x80000000000000006957192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc2b0f5f71a795c2022-01-05 10:01:44.466root 11241100x80000000000000006957193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.466{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a630381b73e183a72022-01-05 10:01:44.466root 11241100x80000000000000006957194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23242dda3ee29f12022-01-05 10:01:44.467root 11241100x80000000000000006957195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d3a22d4fba82c72022-01-05 10:01:44.467root 11241100x80000000000000006957196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fd1fef1977380a2022-01-05 10:01:44.467root 11241100x80000000000000006957197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba6186ea5e11b472022-01-05 10:01:44.467root 11241100x80000000000000006957198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5681c108c1c0f512022-01-05 10:01:44.467root 11241100x80000000000000006957199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.467{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89da47e3585a00c2022-01-05 10:01:44.467root 11241100x80000000000000006957200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed465e9da174f8d22022-01-05 10:01:44.468root 11241100x80000000000000006957201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bf9fd53e5c9b3c2022-01-05 10:01:44.468root 11241100x80000000000000006957202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f23afec12ad3222022-01-05 10:01:44.468root 11241100x80000000000000006957203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e37071b92aac052022-01-05 10:01:44.468root 11241100x80000000000000006957204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3927179f7229802022-01-05 10:01:44.468root 11241100x80000000000000006957205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.468{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af75fc29ac5f4d02022-01-05 10:01:44.468root 11241100x80000000000000006957206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f8c4da3c1b59232022-01-05 10:01:44.469root 11241100x80000000000000006957207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a737c270996c0d662022-01-05 10:01:44.469root 11241100x80000000000000006957208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de7ff4d845db94b2022-01-05 10:01:44.469root 11241100x80000000000000006957209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.469{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f0f515bba02fd72022-01-05 10:01:44.469root 11241100x80000000000000006957210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.470{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5515f26ad9ee31e32022-01-05 10:01:44.470root 11241100x80000000000000006957211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.470{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e1c21a70c4d5982022-01-05 10:01:44.470root 11241100x80000000000000006957212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.470{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1830f7507f3438442022-01-05 10:01:44.470root 11241100x80000000000000006957213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.470{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7d95f4f80268e52022-01-05 10:01:44.470root 11241100x80000000000000006957214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.471{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b043fa0c1e71fa122022-01-05 10:01:44.471root 11241100x80000000000000006957215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.471{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e1010a0a9f71ee2022-01-05 10:01:44.471root 11241100x80000000000000006957216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.471{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4ad91c23934aa52022-01-05 10:01:44.471root 11241100x80000000000000006957217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.471{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c5312afac60e102022-01-05 10:01:44.471root 11241100x80000000000000006957218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.471{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9849a46aa0a1ddcc2022-01-05 10:01:44.471root 11241100x80000000000000006957219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8444f9a16f132de12022-01-05 10:01:44.960root 11241100x80000000000000006957220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed83a78af0138cb72022-01-05 10:01:44.960root 11241100x80000000000000006957221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9eb5eb24340cc12022-01-05 10:01:44.960root 11241100x80000000000000006957222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297d78a1830eb31e2022-01-05 10:01:44.961root 11241100x80000000000000006957223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef23c535092ab0f2022-01-05 10:01:44.961root 11241100x80000000000000006957224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdcce5e44ad2f2f2022-01-05 10:01:44.961root 11241100x80000000000000006957225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d9e01c0894220f2022-01-05 10:01:44.961root 11241100x80000000000000006957226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ae98cd2c01340c2022-01-05 10:01:44.962root 11241100x80000000000000006957227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6559b9ef0ee0353d2022-01-05 10:01:44.962root 11241100x80000000000000006957228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182ff51c0e8a3cc62022-01-05 10:01:44.962root 11241100x80000000000000006957229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56475e55646196dd2022-01-05 10:01:44.962root 11241100x80000000000000006957230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6444c7d9bd76d82022-01-05 10:01:44.962root 11241100x80000000000000006957231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8449b49f3c8a6e5e2022-01-05 10:01:44.962root 11241100x80000000000000006957232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c86dd971a41b3592022-01-05 10:01:44.962root 11241100x80000000000000006957233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99aa310ddcf380212022-01-05 10:01:44.962root 11241100x80000000000000006957234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88c485570f66c182022-01-05 10:01:44.962root 11241100x80000000000000006957235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d437451908a0132022-01-05 10:01:44.962root 11241100x80000000000000006957236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780a0321673c54682022-01-05 10:01:44.962root 11241100x80000000000000006957237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ed323ddfc3c7e82022-01-05 10:01:44.962root 11241100x80000000000000006957238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff68fae35a4abf832022-01-05 10:01:44.963root 11241100x80000000000000006957239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123f4d42efb760642022-01-05 10:01:44.963root 11241100x80000000000000006957240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875f588b6ca2c69e2022-01-05 10:01:44.963root 11241100x80000000000000006957241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa072e78038dc3392022-01-05 10:01:44.963root 11241100x80000000000000006957242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fddf29523b8ebcbe2022-01-05 10:01:44.963root 11241100x80000000000000006957243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c689b50e9a8b2edf2022-01-05 10:01:44.963root 11241100x80000000000000006957244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9e02dc272fc1f22022-01-05 10:01:44.964root 11241100x80000000000000006957245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c44656b2d9d2092022-01-05 10:01:44.964root 11241100x80000000000000006957246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202b4b15f99bd8b42022-01-05 10:01:44.964root 11241100x80000000000000006957247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f72c5c8854b1662022-01-05 10:01:44.964root 11241100x80000000000000006957248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935708cba9c31a522022-01-05 10:01:44.964root 11241100x80000000000000006957249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b9096d4a3e38a82022-01-05 10:01:44.964root 11241100x80000000000000006957250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc2893c62b142822022-01-05 10:01:44.964root 11241100x80000000000000006957251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c7b1b5405dbeea2022-01-05 10:01:44.964root 11241100x80000000000000006957252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7abaaf066c618b2022-01-05 10:01:44.964root 11241100x80000000000000006957253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7dd2ff1d7b2bb12022-01-05 10:01:44.964root 11241100x80000000000000006957254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c070f0ee5e2bcf5c2022-01-05 10:01:44.964root 11241100x80000000000000006957255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f907398c86a4922022-01-05 10:01:44.964root 11241100x80000000000000006957256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8058da3fd2414c3f2022-01-05 10:01:44.965root 11241100x80000000000000006957257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:44.965{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528dca6abe534a372022-01-05 10:01:44.965root 11241100x80000000000000006957258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffdb16e6df19a542022-01-05 10:01:45.459root 11241100x80000000000000006957259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb48f31d9b7fad062022-01-05 10:01:45.459root 11241100x80000000000000006957260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18a42049acd367b2022-01-05 10:01:45.460root 11241100x80000000000000006957261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b630b35610ef1b2c2022-01-05 10:01:45.460root 11241100x80000000000000006957262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f7cb6f28f0ea592022-01-05 10:01:45.460root 11241100x80000000000000006957263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2474b99203db563b2022-01-05 10:01:45.460root 11241100x80000000000000006957264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c223917b65f707e2022-01-05 10:01:45.460root 11241100x80000000000000006957265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377ec0fa1a3d72962022-01-05 10:01:45.460root 11241100x80000000000000006957266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde8efb4c886cb8c2022-01-05 10:01:45.460root 11241100x80000000000000006957267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55867b923fe442c2022-01-05 10:01:45.460root 11241100x80000000000000006957268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d4147071cbbeb42022-01-05 10:01:45.461root 11241100x80000000000000006957269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0661b642df3d4262022-01-05 10:01:45.461root 11241100x80000000000000006957270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c21c1e086efd7022022-01-05 10:01:45.461root 11241100x80000000000000006957271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3828c04e31a0152022-01-05 10:01:45.461root 11241100x80000000000000006957272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1e4de37dbcabab2022-01-05 10:01:45.461root 11241100x80000000000000006957273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec5390a5eee90392022-01-05 10:01:45.461root 11241100x80000000000000006957274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014b2d1cd1db07ef2022-01-05 10:01:45.461root 11241100x80000000000000006957275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4ee741a42301e22022-01-05 10:01:45.461root 11241100x80000000000000006957276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54b501f83ccd7922022-01-05 10:01:45.461root 11241100x80000000000000006957277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14aad20484c11f122022-01-05 10:01:45.461root 11241100x80000000000000006957278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6fc497662ca6782022-01-05 10:01:45.461root 11241100x80000000000000006957279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c83b659c8b43b32022-01-05 10:01:45.462root 11241100x80000000000000006957280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6262f9871674b6e2022-01-05 10:01:45.462root 11241100x80000000000000006957281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8b2eedcb154bd32022-01-05 10:01:45.462root 11241100x80000000000000006957282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f153e49bf3a6450d2022-01-05 10:01:45.462root 11241100x80000000000000006957283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43182727f561f9c42022-01-05 10:01:45.462root 11241100x80000000000000006957284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61171de3716195552022-01-05 10:01:45.462root 11241100x80000000000000006957285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075edea929df38242022-01-05 10:01:45.462root 11241100x80000000000000006957286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb246254fbd56c3c2022-01-05 10:01:45.462root 11241100x80000000000000006957287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7a77b7404d0b232022-01-05 10:01:45.462root 11241100x80000000000000006957288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47a3b31e61104ae2022-01-05 10:01:45.462root 11241100x80000000000000006957289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1be20811c2d7402022-01-05 10:01:45.462root 11241100x80000000000000006957290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cc97fd416e1b262022-01-05 10:01:45.462root 11241100x80000000000000006957291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b6ccb94d7277902022-01-05 10:01:45.462root 11241100x80000000000000006957292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cf644ef8eef50c2022-01-05 10:01:45.462root 11241100x80000000000000006957293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78282c5c00f282c72022-01-05 10:01:45.463root 11241100x80000000000000006957294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb368009623757d72022-01-05 10:01:45.463root 11241100x80000000000000006957295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fe0313a9b926072022-01-05 10:01:45.463root 11241100x80000000000000006957296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3671e0a0642d46b02022-01-05 10:01:45.463root 354300x80000000000000006957297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.552{ec2e79f3-af4c-61d2-e0a7-320694550000}1083/usr/sbin/sshdroottcpfalsefalse47.253.45.0-47056-false10.0.1.25-22- 11241100x80000000000000006957298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.552{ec2e79f3-6c89-61d5-0000-000000000000}23003/usr/sbin/sshd/proc/23003/oom_score_adj2022-01-05 10:01:45.552root 154100x80000000000000006957299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.552{ec2e79f3-6c89-61d5-e0d7-c3c299550000}23003/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1083--- 534500x80000000000000006957300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.667{ec2e79f3-6c89-61d5-e0d7-c3c299550000}23003/usr/sbin/sshdroot 11241100x80000000000000006957301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab3f5aa08ef71b92022-01-05 10:01:45.960root 11241100x80000000000000006957302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af839e42ae65301f2022-01-05 10:01:45.960root 11241100x80000000000000006957303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3a5adf4950fff82022-01-05 10:01:45.960root 11241100x80000000000000006957304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a11fab7fe482d22022-01-05 10:01:45.960root 11241100x80000000000000006957305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edce04f9707f09c12022-01-05 10:01:45.960root 11241100x80000000000000006957306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ee0992280a8a932022-01-05 10:01:45.960root 11241100x80000000000000006957307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be828d141aa552d92022-01-05 10:01:45.960root 11241100x80000000000000006957308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646f8aaadd5764e92022-01-05 10:01:45.960root 11241100x80000000000000006957309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bfc5978ae57f242022-01-05 10:01:45.961root 11241100x80000000000000006957310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4e7721357359d52022-01-05 10:01:45.961root 11241100x80000000000000006957311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e8c75d83c6d9742022-01-05 10:01:45.961root 11241100x80000000000000006957312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0204757031bd64882022-01-05 10:01:45.961root 11241100x80000000000000006957313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc793784cf9458fa2022-01-05 10:01:45.961root 11241100x80000000000000006957314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc3142ba4d12a792022-01-05 10:01:45.961root 11241100x80000000000000006957315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7654cea762b2ec572022-01-05 10:01:45.961root 11241100x80000000000000006957316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d121a93b3f001e2022-01-05 10:01:45.961root 11241100x80000000000000006957317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de37f6af8a6be302022-01-05 10:01:45.961root 11241100x80000000000000006957318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcd822979d4795c2022-01-05 10:01:45.962root 11241100x80000000000000006957319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ef46ad9990170d2022-01-05 10:01:45.962root 11241100x80000000000000006957320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476954720019a8662022-01-05 10:01:45.962root 11241100x80000000000000006957321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3420c4296afcc442022-01-05 10:01:45.962root 11241100x80000000000000006957322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47737565bbec61f72022-01-05 10:01:45.962root 11241100x80000000000000006957323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3b4fd4e4392a332022-01-05 10:01:45.962root 11241100x80000000000000006957324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0f6d187564cc552022-01-05 10:01:45.962root 11241100x80000000000000006957325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150708d771fc48712022-01-05 10:01:45.963root 11241100x80000000000000006957326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a4b51e268088002022-01-05 10:01:45.963root 11241100x80000000000000006957327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad28668b90577acd2022-01-05 10:01:45.963root 11241100x80000000000000006957328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a7debe7178661e2022-01-05 10:01:45.963root 11241100x80000000000000006957329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a3d18808398e602022-01-05 10:01:45.963root 11241100x80000000000000006957330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2353e30732e57732022-01-05 10:01:45.963root 11241100x80000000000000006957331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32a636652f54a492022-01-05 10:01:45.963root 11241100x80000000000000006957332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4455b3b717643c622022-01-05 10:01:45.963root 11241100x80000000000000006957333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff24a7014d0589b32022-01-05 10:01:45.963root 11241100x80000000000000006957334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c4af2aeb9fd0162022-01-05 10:01:45.963root 11241100x80000000000000006957335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c343c797fccb08222022-01-05 10:01:45.963root 11241100x80000000000000006957336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe1e19e8c6719422022-01-05 10:01:45.963root 11241100x80000000000000006957337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e30d9fe7e2399cd2022-01-05 10:01:45.963root 11241100x80000000000000006957338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aee83a5d026e4582022-01-05 10:01:45.963root 11241100x80000000000000006957339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab59b18d2ebc7a82022-01-05 10:01:45.963root 11241100x80000000000000006957340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1891dd926c2ff252022-01-05 10:01:45.964root 11241100x80000000000000006957341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146a26629a689fa62022-01-05 10:01:45.964root 11241100x80000000000000006957342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff38ccfdc4371732022-01-05 10:01:45.964root 11241100x80000000000000006957343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d579d5f2fbbc92f2022-01-05 10:01:45.964root 11241100x80000000000000006957344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95651deef47ccaed2022-01-05 10:01:45.964root 11241100x80000000000000006957345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa9c4d1295d516f2022-01-05 10:01:45.964root 11241100x80000000000000006957346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09d9ca45a4a01962022-01-05 10:01:45.964root 11241100x80000000000000006957347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973cc26c6e5de17c2022-01-05 10:01:45.964root 11241100x80000000000000006957348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417177996bc82fc52022-01-05 10:01:45.964root 11241100x80000000000000006957349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1726c2fc01e6780f2022-01-05 10:01:45.964root 11241100x80000000000000006957350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3865a0843972952022-01-05 10:01:45.964root 11241100x80000000000000006957351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e54172108458122022-01-05 10:01:45.964root 11241100x80000000000000006957352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe49c1142b16d14f2022-01-05 10:01:45.964root 11241100x80000000000000006957353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa017132a0bcd962022-01-05 10:01:45.964root 11241100x80000000000000006957354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7192aa3359393dcc2022-01-05 10:01:45.964root 11241100x80000000000000006957355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:45.964{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010697d9a89b990a2022-01-05 10:01:45.964root 11241100x80000000000000006957356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2713ca019475b32022-01-05 10:01:46.460root 11241100x80000000000000006957357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4f436d110902612022-01-05 10:01:46.460root 11241100x80000000000000006957358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a654033b71a24782022-01-05 10:01:46.460root 11241100x80000000000000006957359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3d08b9921a20aa2022-01-05 10:01:46.460root 11241100x80000000000000006957360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8b40b4c1efc41d2022-01-05 10:01:46.460root 11241100x80000000000000006957361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f7b03dfec92bbc2022-01-05 10:01:46.460root 11241100x80000000000000006957362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6212a27cf4cf31c2022-01-05 10:01:46.461root 11241100x80000000000000006957363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41dc1e1759aa1a402022-01-05 10:01:46.461root 11241100x80000000000000006957364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1032a83bfbfe33d2022-01-05 10:01:46.461root 11241100x80000000000000006957365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a120fbed756f46c52022-01-05 10:01:46.461root 11241100x80000000000000006957366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dfc7c46456021c2022-01-05 10:01:46.461root 11241100x80000000000000006957367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76456ed1e3e2c0862022-01-05 10:01:46.461root 11241100x80000000000000006957368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4445f047696b5bd2022-01-05 10:01:46.461root 11241100x80000000000000006957369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62665a51821fa55f2022-01-05 10:01:46.461root 11241100x80000000000000006957370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eeb8b4ec21857c12022-01-05 10:01:46.461root 11241100x80000000000000006957371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ac29ad058d604d2022-01-05 10:01:46.461root 11241100x80000000000000006957372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481dd521de7a4f262022-01-05 10:01:46.461root 11241100x80000000000000006957373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3df81054a0cc0e2022-01-05 10:01:46.462root 11241100x80000000000000006957374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e30eb2377728272022-01-05 10:01:46.462root 11241100x80000000000000006957375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e73b096a44d72042022-01-05 10:01:46.462root 11241100x80000000000000006957376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa915eb559b79bf42022-01-05 10:01:46.462root 11241100x80000000000000006957377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541716ef4716d36e2022-01-05 10:01:46.462root 11241100x80000000000000006957378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ed82301decf29b2022-01-05 10:01:46.462root 11241100x80000000000000006957379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150d72cbe2b9e8362022-01-05 10:01:46.462root 11241100x80000000000000006957380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fcd34d29045a1e2022-01-05 10:01:46.462root 11241100x80000000000000006957381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37f34534e7effe92022-01-05 10:01:46.462root 11241100x80000000000000006957382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0e139660056fa42022-01-05 10:01:46.462root 11241100x80000000000000006957383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b01d2b69719a232022-01-05 10:01:46.462root 11241100x80000000000000006957384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a22a67bd6c157c2022-01-05 10:01:46.462root 11241100x80000000000000006957385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c654683007a2122022-01-05 10:01:46.462root 11241100x80000000000000006957386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b710c639b6b5712022-01-05 10:01:46.462root 11241100x80000000000000006957387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0df9573c7cec9b2022-01-05 10:01:46.462root 11241100x80000000000000006957388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34efeb11e0be93c62022-01-05 10:01:46.463root 11241100x80000000000000006957389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b2b0d6c120b41f2022-01-05 10:01:46.463root 11241100x80000000000000006957390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc4fa096c61857b2022-01-05 10:01:46.463root 11241100x80000000000000006957391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c140929bf3e42122022-01-05 10:01:46.463root 11241100x80000000000000006957392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42daf144212737292022-01-05 10:01:46.463root 11241100x80000000000000006957393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60afddce8d6fe4f2022-01-05 10:01:46.463root 11241100x80000000000000006957394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fbfb055056f16e2022-01-05 10:01:46.463root 11241100x80000000000000006957395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb681d4c80ba23d2022-01-05 10:01:46.463root 11241100x80000000000000006957396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24265847806a33da2022-01-05 10:01:46.463root 11241100x80000000000000006957397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb070f7245910482022-01-05 10:01:46.463root 11241100x80000000000000006957398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b387ac648b6383862022-01-05 10:01:46.959root 11241100x80000000000000006957399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06377b296755dc02022-01-05 10:01:46.959root 11241100x80000000000000006957400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744550fea68467932022-01-05 10:01:46.959root 11241100x80000000000000006957401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c871707999e920ed2022-01-05 10:01:46.960root 11241100x80000000000000006957402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183a94aa9ec638a72022-01-05 10:01:46.960root 11241100x80000000000000006957403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc48c4d135164afc2022-01-05 10:01:46.960root 11241100x80000000000000006957404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd77d292a8e648c2022-01-05 10:01:46.960root 11241100x80000000000000006957405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b905598fe09c4d2022-01-05 10:01:46.960root 11241100x80000000000000006957406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d09c7da250bbbe2022-01-05 10:01:46.960root 11241100x80000000000000006957407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f373ace2111a38262022-01-05 10:01:46.960root 11241100x80000000000000006957408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ca84dcf23c827d2022-01-05 10:01:46.960root 11241100x80000000000000006957409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f0a0c425623f202022-01-05 10:01:46.960root 11241100x80000000000000006957410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c18ad182a385f242022-01-05 10:01:46.960root 11241100x80000000000000006957411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1fa5bf42400f332022-01-05 10:01:46.961root 11241100x80000000000000006957412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326b5e263d1f9fe72022-01-05 10:01:46.961root 11241100x80000000000000006957413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3474f83441274a2e2022-01-05 10:01:46.961root 11241100x80000000000000006957414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de700c4d011e7b9d2022-01-05 10:01:46.961root 11241100x80000000000000006957415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea7cd1968faa0912022-01-05 10:01:46.961root 11241100x80000000000000006957416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111152177084732b2022-01-05 10:01:46.961root 11241100x80000000000000006957417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d2cb22377f39162022-01-05 10:01:46.961root 11241100x80000000000000006957418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e70ed38b6a07782022-01-05 10:01:46.961root 11241100x80000000000000006957419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd7729b956dbd3b2022-01-05 10:01:46.961root 11241100x80000000000000006957420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5c811c90e9b8b82022-01-05 10:01:46.961root 11241100x80000000000000006957421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5aceb2462ffcbde2022-01-05 10:01:46.962root 11241100x80000000000000006957422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f81a544b366720e2022-01-05 10:01:46.962root 11241100x80000000000000006957423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27bc4b06c1ad4a2d2022-01-05 10:01:46.962root 11241100x80000000000000006957424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa141224c07279ff2022-01-05 10:01:46.962root 11241100x80000000000000006957425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0183bfc3c3a4a9cc2022-01-05 10:01:46.962root 11241100x80000000000000006957426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0daaad179b998a6d2022-01-05 10:01:46.962root 11241100x80000000000000006957427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ced6d1c2b221d32022-01-05 10:01:46.962root 11241100x80000000000000006957428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e644f61d6cf0ff7d2022-01-05 10:01:46.962root 11241100x80000000000000006957429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f5709f35e60b5e2022-01-05 10:01:46.962root 11241100x80000000000000006957430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01db665807c15f2e2022-01-05 10:01:46.962root 11241100x80000000000000006957431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b1335d288f60732022-01-05 10:01:46.962root 11241100x80000000000000006957432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.962{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6964b4bacdbce7302022-01-05 10:01:46.962root 11241100x80000000000000006957433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc2a5b8a27516612022-01-05 10:01:46.963root 11241100x80000000000000006957434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502430c914491a1c2022-01-05 10:01:46.963root 11241100x80000000000000006957435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e121e8a20b8ab4f12022-01-05 10:01:46.963root 11241100x80000000000000006957436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b320506951b69b4a2022-01-05 10:01:46.963root 11241100x80000000000000006957437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22a6e4053629eca2022-01-05 10:01:46.963root 11241100x80000000000000006957438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c2d1487517abe12022-01-05 10:01:46.963root 11241100x80000000000000006957439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2db1b844016c2fc2022-01-05 10:01:46.963root 11241100x80000000000000006957440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9749e61d14c704ef2022-01-05 10:01:46.963root 11241100x80000000000000006957441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbeee5d3944ab682022-01-05 10:01:46.963root 11241100x80000000000000006957442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2939b477006486cf2022-01-05 10:01:46.963root 11241100x80000000000000006957443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b049c79fd32aa3d2022-01-05 10:01:46.963root 11241100x80000000000000006957444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20de8c8a15e4951f2022-01-05 10:01:46.963root 11241100x80000000000000006957445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0317798250b5c92022-01-05 10:01:46.963root 11241100x80000000000000006957446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.963{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f71a4d5ecf11b182022-01-05 10:01:46.963root 11241100x80000000000000006957447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e726e3956c0d547c2022-01-05 10:01:46.967root 11241100x80000000000000006957448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:46.967{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8081c164dfd161ec2022-01-05 10:01:46.967root 11241100x80000000000000006957449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c9ac8f20c62eaa2022-01-05 10:01:47.459root 11241100x80000000000000006957450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6675d2327a581f42022-01-05 10:01:47.459root 11241100x80000000000000006957451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810918df6beb17802022-01-05 10:01:47.459root 11241100x80000000000000006957452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66600306b533d7632022-01-05 10:01:47.460root 11241100x80000000000000006957453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020e161b1dcaa7152022-01-05 10:01:47.460root 11241100x80000000000000006957454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40e9166230b53e32022-01-05 10:01:47.460root 11241100x80000000000000006957455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4334ff166b659c072022-01-05 10:01:47.460root 11241100x80000000000000006957456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d54f87dbf25e6702022-01-05 10:01:47.460root 11241100x80000000000000006957457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc6cc7affc485202022-01-05 10:01:47.460root 11241100x80000000000000006957458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66dc9a2c8ef864da2022-01-05 10:01:47.460root 11241100x80000000000000006957459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ded2c9d533a356f2022-01-05 10:01:47.460root 11241100x80000000000000006957460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb2ffb952abfdeb2022-01-05 10:01:47.460root 11241100x80000000000000006957461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909bb0ccf2bea2f62022-01-05 10:01:47.460root 11241100x80000000000000006957462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1025bca0588894442022-01-05 10:01:47.461root 11241100x80000000000000006957463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4014a4c6b0a8b9852022-01-05 10:01:47.461root 11241100x80000000000000006957464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60974ce3248d299e2022-01-05 10:01:47.461root 11241100x80000000000000006957465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3e309459dfbe2c2022-01-05 10:01:47.461root 11241100x80000000000000006957466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe37d026ce1caf452022-01-05 10:01:47.461root 11241100x80000000000000006957467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514b0922197d4b922022-01-05 10:01:47.461root 11241100x80000000000000006957468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76ca456ab6618a92022-01-05 10:01:47.461root 11241100x80000000000000006957469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455977493aff44a02022-01-05 10:01:47.461root 11241100x80000000000000006957470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374cd5f48551eee12022-01-05 10:01:47.461root 11241100x80000000000000006957471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.461{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de1f39f77a23cbd2022-01-05 10:01:47.461root 11241100x80000000000000006957472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6cf32490fdba492022-01-05 10:01:47.462root 11241100x80000000000000006957473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367637fb24c630b42022-01-05 10:01:47.462root 11241100x80000000000000006957474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1175f817229a06a72022-01-05 10:01:47.462root 11241100x80000000000000006957475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374e892e8f4e83172022-01-05 10:01:47.462root 11241100x80000000000000006957476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64dc9d576f921572022-01-05 10:01:47.462root 11241100x80000000000000006957477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1e968c1ccf5daa2022-01-05 10:01:47.462root 11241100x80000000000000006957478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0463e238f2d8dbae2022-01-05 10:01:47.462root 11241100x80000000000000006957479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3ec8bcd4713ef72022-01-05 10:01:47.462root 11241100x80000000000000006957480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a387a8d2f88c8722022-01-05 10:01:47.462root 11241100x80000000000000006957481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.462{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb363f1b760817c52022-01-05 10:01:47.462root 11241100x80000000000000006957482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec5a14d57adda7e2022-01-05 10:01:47.463root 11241100x80000000000000006957483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16aa0f916ce1711d2022-01-05 10:01:47.463root 11241100x80000000000000006957484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2901420a2157dedb2022-01-05 10:01:47.463root 11241100x80000000000000006957485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619a7552208843c72022-01-05 10:01:47.463root 11241100x80000000000000006957486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5940d6741392692e2022-01-05 10:01:47.463root 11241100x80000000000000006957487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b69d6c4bfb266312022-01-05 10:01:47.463root 11241100x80000000000000006957488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e3050f0f43d3a82022-01-05 10:01:47.463root 11241100x80000000000000006957489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14fc7d58d5106ca2022-01-05 10:01:47.463root 11241100x80000000000000006957490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d777bd20b74a812022-01-05 10:01:47.463root 11241100x80000000000000006957491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.463{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb48594419d854de2022-01-05 10:01:47.463root 11241100x80000000000000006957492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abf8d42eedfa5fd2022-01-05 10:01:47.464root 11241100x80000000000000006957493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c92376950c8ffa2022-01-05 10:01:47.464root 11241100x80000000000000006957494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c1bff4255968e62022-01-05 10:01:47.464root 11241100x80000000000000006957495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e6c82aea25e5222022-01-05 10:01:47.464root 11241100x80000000000000006957496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.464{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496cfc7c97b019ba2022-01-05 10:01:47.464root 11241100x80000000000000006957497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.472{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952140b0fa1689392022-01-05 10:01:47.472root 11241100x80000000000000006957498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.473{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f55b3182cb7b43a2022-01-05 10:01:47.473root 11241100x80000000000000006957499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.473{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5277add3aab85c402022-01-05 10:01:47.473root 11241100x80000000000000006957500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.473{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e76de967ce22ab02022-01-05 10:01:47.473root 11241100x80000000000000006957501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.473{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369a56aef50d2b1a2022-01-05 10:01:47.473root 11241100x80000000000000006957502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.473{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a76ad8d2b50183f2022-01-05 10:01:47.473root 11241100x80000000000000006957503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.473{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c97949fad27f7192022-01-05 10:01:47.473root 11241100x80000000000000006957504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.473{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd76d5968f7cb522022-01-05 10:01:47.473root 11241100x80000000000000006957505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.473{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4229a3567e5881e52022-01-05 10:01:47.473root 11241100x80000000000000006957506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.473{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b0957c2a79c92b2022-01-05 10:01:47.473root 11241100x80000000000000006957507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.474{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbeef7afeaaf865f2022-01-05 10:01:47.474root 11241100x80000000000000006957508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.474{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451055438b99a4d62022-01-05 10:01:47.474root 11241100x80000000000000006957509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.474{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e35f3d65df9c4162022-01-05 10:01:47.474root 11241100x80000000000000006957510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.474{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92326738fada116c2022-01-05 10:01:47.474root 11241100x80000000000000006957511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.474{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dadd0fcceb38262022-01-05 10:01:47.474root 11241100x80000000000000006957512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.474{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322e62b2b28150532022-01-05 10:01:47.474root 11241100x80000000000000006957513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.474{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b34eb35039fdc3f2022-01-05 10:01:47.474root 11241100x80000000000000006957514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.474{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8dcba65e44366be2022-01-05 10:01:47.474root 11241100x80000000000000006957515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.475{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8317d35869b6c3ef2022-01-05 10:01:47.475root 11241100x80000000000000006957516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.475{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a4d79e6e6e53e12022-01-05 10:01:47.475root 11241100x80000000000000006957517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.475{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0033dc3620ce55602022-01-05 10:01:47.475root 154100x80000000000000006957518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.475{ec2e79f3-6c8b-61d5-68e4-0862d3550000}23004/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2325--- 11241100x80000000000000006957519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.475{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772687c28abdd1692022-01-05 10:01:47.475root 11241100x80000000000000006957520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.475{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281ad6edb7e7e74d2022-01-05 10:01:47.475root 11241100x80000000000000006957521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.475{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b6c1b506487aa42022-01-05 10:01:47.475root 11241100x80000000000000006957522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.475{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4451e9331c18b7262022-01-05 10:01:47.475root 11241100x80000000000000006957523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.476{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bfd46dd54de5172022-01-05 10:01:47.476root 11241100x80000000000000006957524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.476{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d812e85b64f2ca892022-01-05 10:01:47.476root 11241100x80000000000000006957525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.476{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ebbc59f539624f2022-01-05 10:01:47.476root 11241100x80000000000000006957526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.476{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfda3aa1ae2c0ef2022-01-05 10:01:47.476root 11241100x80000000000000006957527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.476{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1019c260340210f42022-01-05 10:01:47.476root 11241100x80000000000000006957528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.476{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa6daea08a8effa2022-01-05 10:01:47.476root 11241100x80000000000000006957529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.477{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb6928d00813f662022-01-05 10:01:47.477root 11241100x80000000000000006957530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.477{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f15e89c0e590452022-01-05 10:01:47.477root 11241100x80000000000000006957531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.477{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9194b9e6254915ba2022-01-05 10:01:47.477root 11241100x80000000000000006957532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.477{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3432a47a5398630e2022-01-05 10:01:47.477root 11241100x80000000000000006957533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.478{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e27eab647da2ce2022-01-05 10:01:47.478root 11241100x80000000000000006957534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.478{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a94cde5678f1812022-01-05 10:01:47.478root 11241100x80000000000000006957535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.478{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45274bb9eaedd2482022-01-05 10:01:47.478root 11241100x80000000000000006957536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.478{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79dbf169a4e42042022-01-05 10:01:47.478root 11241100x80000000000000006957537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.479{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6af67cf8e062aab2022-01-05 10:01:47.479root 11241100x80000000000000006957538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.479{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7654c1961afe0ca52022-01-05 10:01:47.479root 11241100x80000000000000006957539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.479{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac6146de1363bd32022-01-05 10:01:47.479root 11241100x80000000000000006957540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.479{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d43983fc37f8aa42022-01-05 10:01:47.479root 11241100x80000000000000006957541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.480{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541ce9da90ec267b2022-01-05 10:01:47.480root 11241100x80000000000000006957542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.480{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9be3f17b1245b402022-01-05 10:01:47.480root 11241100x80000000000000006957543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.480{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494c2abdfcdb5b222022-01-05 10:01:47.480root 11241100x80000000000000006957544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.480{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378c90222281de0c2022-01-05 10:01:47.480root 11241100x80000000000000006957545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.480{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5785183ed7bd432022-01-05 10:01:47.480root 11241100x80000000000000006957546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.481{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79a44d8bfad70252022-01-05 10:01:47.481root 11241100x80000000000000006957547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.481{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d689657fe1d8652022-01-05 10:01:47.481root 11241100x80000000000000006957548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.481{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e86bd057fc9ad52022-01-05 10:01:47.481root 11241100x80000000000000006957549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.481{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559fa4465a47e2872022-01-05 10:01:47.481root 534500x80000000000000006957550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.493{ec2e79f3-6c8b-61d5-68e4-0862d3550000}23004/bin/psroot 354300x80000000000000006957551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.905{ec2e79f3-af4c-61d2-e0a7-320694550000}1083/usr/sbin/sshdroottcpfalsefalse47.253.45.0-47324-false10.0.1.25-22- 11241100x80000000000000006957552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.906{ec2e79f3-6c8b-61d5-0000-000000000000}23005/usr/sbin/sshd/proc/23005/oom_score_adj2022-01-05 10:01:47.906root 154100x80000000000000006957553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.906{ec2e79f3-6c8b-61d5-e007-50820b560000}23005/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1083--- 11241100x80000000000000006957554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.907{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff176c13e3ccf5222022-01-05 10:01:47.907root 11241100x80000000000000006957555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.907{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa54bdc5205610012022-01-05 10:01:47.907root 11241100x80000000000000006957556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.907{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f40fafc782fb3e62022-01-05 10:01:47.907root 11241100x80000000000000006957557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.907{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8e7881d577ef832022-01-05 10:01:47.907root 11241100x80000000000000006957558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.907{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf9d0e6366902b32022-01-05 10:01:47.907root 11241100x80000000000000006957559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.907{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5dc92205909baa2022-01-05 10:01:47.907root 11241100x80000000000000006957560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.907{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66519960dc51d1602022-01-05 10:01:47.907root 11241100x80000000000000006957561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.908{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93273310d7921baa2022-01-05 10:01:47.908root 11241100x80000000000000006957562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.908{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11dc472ccaf4caf2022-01-05 10:01:47.908root 11241100x80000000000000006957563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.908{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60927e9c0c983ee72022-01-05 10:01:47.908root 11241100x80000000000000006957564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.908{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1972481c74a0cd8a2022-01-05 10:01:47.908root 11241100x80000000000000006957565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.908{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c302231fea417b42022-01-05 10:01:47.908root 11241100x80000000000000006957566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.908{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704635f20d39a0392022-01-05 10:01:47.908root 11241100x80000000000000006957567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.908{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5da75edf9e06bc22022-01-05 10:01:47.908root 11241100x80000000000000006957568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.908{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26387b0a8757a2f2022-01-05 10:01:47.908root 11241100x80000000000000006957569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.908{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe68fc95427a10332022-01-05 10:01:47.908root 11241100x80000000000000006957570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.908{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbad9fc69c1f1be02022-01-05 10:01:47.908root 11241100x80000000000000006957571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0f9eab552a09ba2022-01-05 10:01:47.909root 11241100x80000000000000006957572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f822c24b43f46f542022-01-05 10:01:47.909root 11241100x80000000000000006957573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98322b49dc39ef42022-01-05 10:01:47.909root 11241100x80000000000000006957574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a726b95ea4884d92022-01-05 10:01:47.909root 11241100x80000000000000006957575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afdd3091076fd952022-01-05 10:01:47.909root 11241100x80000000000000006957576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69f2a810c55e1c42022-01-05 10:01:47.909root 11241100x80000000000000006957577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d17e4e51ebad542022-01-05 10:01:47.909root 11241100x80000000000000006957578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990cbb0357c1975e2022-01-05 10:01:47.909root 11241100x80000000000000006957579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b665f0e47e6f4982022-01-05 10:01:47.909root 11241100x80000000000000006957580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27a601b7f1c50822022-01-05 10:01:47.909root 11241100x80000000000000006957581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.909{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb03e25a31ed7ca2022-01-05 10:01:47.909root 11241100x80000000000000006957582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.910{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cb02bbe0c91c5c2022-01-05 10:01:47.910root 11241100x80000000000000006957583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.910{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa9dd13b908146b2022-01-05 10:01:47.910root 11241100x80000000000000006957584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.910{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fd22f1e72655462022-01-05 10:01:47.910root 11241100x80000000000000006957585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.910{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79906e3d648466e42022-01-05 10:01:47.910root 11241100x80000000000000006957586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.910{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e9a26827dac6562022-01-05 10:01:47.910root 11241100x80000000000000006957587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.910{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d9214fcff9f99a2022-01-05 10:01:47.910root 11241100x80000000000000006957588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.910{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af63b75cd44870792022-01-05 10:01:47.910root 11241100x80000000000000006957589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.910{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20113e1b91068bed2022-01-05 10:01:47.910root 11241100x80000000000000006957590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.910{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608e1aaf5d09c6c22022-01-05 10:01:47.910root 11241100x80000000000000006957591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.910{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ea94f06f4bf9c62022-01-05 10:01:47.910root 11241100x80000000000000006957592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.912{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d95c4ddefdc8f62022-01-05 10:01:47.912root 11241100x80000000000000006957593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.912{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a96fe9aea294de22022-01-05 10:01:47.912root 11241100x80000000000000006957594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.912{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21ca5d58151239c2022-01-05 10:01:47.912root 11241100x80000000000000006957595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.912{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95916bc86d4e223c2022-01-05 10:01:47.912root 11241100x80000000000000006957596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.912{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2fc0ab003a0ae12022-01-05 10:01:47.912root 11241100x80000000000000006957597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.913{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc501d4454a5da812022-01-05 10:01:47.913root 11241100x80000000000000006957598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.913{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c706f4b35ba892eb2022-01-05 10:01:47.913root 11241100x80000000000000006957599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.913{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274770865376a58d2022-01-05 10:01:47.913root 11241100x80000000000000006957600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.915{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0102978654dccd622022-01-05 10:01:47.915root 11241100x80000000000000006957601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.915{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edceb36d983645f42022-01-05 10:01:47.915root 11241100x80000000000000006957602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.915{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15226f2090365ec2022-01-05 10:01:47.915root 11241100x80000000000000006957603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.915{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd5f12ce93238da2022-01-05 10:01:47.915root 11241100x80000000000000006957604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.916{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ed74f9ebb02e862022-01-05 10:01:47.916root 11241100x80000000000000006957605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.916{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6366c1912f6dd3e2022-01-05 10:01:47.916root 11241100x80000000000000006957606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.916{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3978a11fb48af4392022-01-05 10:01:47.916root 11241100x80000000000000006957607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.916{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b4838ba6144f452022-01-05 10:01:47.916root 11241100x80000000000000006957608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.917{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3809fc957c60af4b2022-01-05 10:01:47.917root 11241100x80000000000000006957609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.917{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e36666a28986e1e2022-01-05 10:01:47.917root 11241100x80000000000000006957610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.917{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32e135e00380a6b2022-01-05 10:01:47.917root 11241100x80000000000000006957611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.917{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf1653c2d7618c52022-01-05 10:01:47.917root 11241100x80000000000000006957612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.917{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725f8c76979d65502022-01-05 10:01:47.917root 11241100x80000000000000006957613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.918{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d3c7bfd60e42122022-01-05 10:01:47.918root 11241100x80000000000000006957614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.918{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86811cdef48d1eef2022-01-05 10:01:47.918root 11241100x80000000000000006957615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.918{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcf9aaf1f90338e2022-01-05 10:01:47.918root 11241100x80000000000000006957616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.919{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c685e1015eaff72022-01-05 10:01:47.919root 11241100x80000000000000006957617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.919{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d0a1953e2215bb2022-01-05 10:01:47.919root 11241100x80000000000000006957618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.919{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6d9da5ae891a872022-01-05 10:01:47.919root 11241100x80000000000000006957619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.919{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb185eb05bc5cdb2022-01-05 10:01:47.919root 11241100x80000000000000006957620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.919{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b919f7ad05706d2022-01-05 10:01:47.919root 11241100x80000000000000006957621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.920{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98f3a6a5d1d950c2022-01-05 10:01:47.920root 11241100x80000000000000006957622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.920{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cdc92da857a1fd2022-01-05 10:01:47.920root 11241100x80000000000000006957623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.920{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19eaf1fb266ad2bb2022-01-05 10:01:47.920root 11241100x80000000000000006957624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.920{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d12cc3dd66acec2022-01-05 10:01:47.920root 11241100x80000000000000006957625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.921{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6830c7f340c1064a2022-01-05 10:01:47.921root 11241100x80000000000000006957626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.921{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad5deb8cdb56a682022-01-05 10:01:47.921root 11241100x80000000000000006957627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.921{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236c29957d2c1a852022-01-05 10:01:47.921root 11241100x80000000000000006957628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.923{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b315a2530f8213d2022-01-05 10:01:47.923root 11241100x80000000000000006957629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.923{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee52d1329bd9d202022-01-05 10:01:47.923root 11241100x80000000000000006957630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.923{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e73e5d42c768c0f2022-01-05 10:01:47.923root 11241100x80000000000000006957631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.923{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f68d76638ba90ad2022-01-05 10:01:47.923root 11241100x80000000000000006957632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.923{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae6f5fdb2941c372022-01-05 10:01:47.923root 11241100x80000000000000006957633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.923{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823f13a8c8a5b3c52022-01-05 10:01:47.923root 11241100x80000000000000006957634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.925{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c75889c1053dcc2022-01-05 10:01:47.925root 11241100x80000000000000006957635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.925{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33acc193475bac52022-01-05 10:01:47.925root 11241100x80000000000000006957636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.925{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c55d16a234559e2022-01-05 10:01:47.925root 11241100x80000000000000006957637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.925{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b343c958d1f8a0d02022-01-05 10:01:47.925root 11241100x80000000000000006957638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.925{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308e52a87fa334e82022-01-05 10:01:47.925root 11241100x80000000000000006957639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.926{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab60fcbaf8f0a6f12022-01-05 10:01:47.926root 11241100x80000000000000006957640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.926{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f1d7163a90014d2022-01-05 10:01:47.926root 11241100x80000000000000006957641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.926{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80951833ff7edeb72022-01-05 10:01:47.926root 11241100x80000000000000006957642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.927{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eea44379cc92e692022-01-05 10:01:47.927root 11241100x80000000000000006957643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:47.927{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abbb3ed07c5e7e12022-01-05 10:01:47.927root 11241100x80000000000000006957644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d3732790d775f12022-01-05 10:01:48.209root 11241100x80000000000000006957645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cec88aae9808af82022-01-05 10:01:48.209root 11241100x80000000000000006957646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243ee87b17678ea72022-01-05 10:01:48.209root 11241100x80000000000000006957647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdd9f571c5f6e5e2022-01-05 10:01:48.209root 11241100x80000000000000006957648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdaf661355304912022-01-05 10:01:48.209root 11241100x80000000000000006957649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74e736ee93237d02022-01-05 10:01:48.210root 11241100x80000000000000006957650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a88d205eedcaa282022-01-05 10:01:48.210root 11241100x80000000000000006957651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e3456e0191ab2e2022-01-05 10:01:48.210root 11241100x80000000000000006957652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fe96821ce57b642022-01-05 10:01:48.210root 11241100x80000000000000006957653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac04c31f78023122022-01-05 10:01:48.210root 11241100x80000000000000006957654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8940b83d182a662022-01-05 10:01:48.211root 11241100x80000000000000006957655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7014db2cbe69ff302022-01-05 10:01:48.211root 11241100x80000000000000006957656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb790392d1d095b22022-01-05 10:01:48.211root 11241100x80000000000000006957657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfff164e61ad9e072022-01-05 10:01:48.211root 11241100x80000000000000006957658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054db367370fb0b52022-01-05 10:01:48.211root 11241100x80000000000000006957659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9694f9d20ed86d02022-01-05 10:01:48.211root 11241100x80000000000000006957660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfa7bfaf35380a62022-01-05 10:01:48.211root 11241100x80000000000000006957661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d6d270d0e188022022-01-05 10:01:48.211root 11241100x80000000000000006957662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7f47e17eab7ddb2022-01-05 10:01:48.212root 11241100x80000000000000006957663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d372fbf44fa4c59f2022-01-05 10:01:48.212root 11241100x80000000000000006957664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5f5ac6b26e52092022-01-05 10:01:48.212root 11241100x80000000000000006957665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c937e9fc090d472022-01-05 10:01:48.212root 11241100x80000000000000006957666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cab69b60c4602a82022-01-05 10:01:48.212root 11241100x80000000000000006957667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef16ade62dc791c2022-01-05 10:01:48.213root 11241100x80000000000000006957668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafe7557ccbeaee92022-01-05 10:01:48.213root 11241100x80000000000000006957669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8af939429295002022-01-05 10:01:48.213root 11241100x80000000000000006957670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b28e4e6106dcab2022-01-05 10:01:48.213root 11241100x80000000000000006957671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb0fd6bcf085b442022-01-05 10:01:48.213root 11241100x80000000000000006957672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fbf04024fbf4452022-01-05 10:01:48.213root 11241100x80000000000000006957673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc5ff265973b1c72022-01-05 10:01:48.213root 11241100x80000000000000006957674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326c1a0c33b3b7672022-01-05 10:01:48.213root 11241100x80000000000000006957675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896462ba0558acd12022-01-05 10:01:48.213root 11241100x80000000000000006957676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43763b3290137412022-01-05 10:01:48.214root 11241100x80000000000000006957677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c457ee6d12856b472022-01-05 10:01:48.214root 11241100x80000000000000006957678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1740a6afcf3bf02a2022-01-05 10:01:48.214root 11241100x80000000000000006957679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acce788436de544d2022-01-05 10:01:48.214root 11241100x80000000000000006957680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8bb1c7699574ff2022-01-05 10:01:48.214root 11241100x80000000000000006957681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c4b69d425bd1e82022-01-05 10:01:48.215root 11241100x80000000000000006957682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ad36f540af2d762022-01-05 10:01:48.215root 11241100x80000000000000006957683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caff09cf9f754e892022-01-05 10:01:48.215root 11241100x80000000000000006957684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f261375990f65182022-01-05 10:01:48.215root 11241100x80000000000000006957685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5040e2ed3a5479ae2022-01-05 10:01:48.215root 11241100x80000000000000006957686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905637fe4107751d2022-01-05 10:01:48.215root 11241100x80000000000000006957687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7a1df352fcc8f92022-01-05 10:01:48.215root 11241100x80000000000000006957688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca9a85759700b0d2022-01-05 10:01:48.215root 11241100x80000000000000006957689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e8b7ca0a1e3a8f2022-01-05 10:01:48.216root 11241100x80000000000000006957690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527be9c70f428b542022-01-05 10:01:48.216root 11241100x80000000000000006957691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7676dd7f619585f62022-01-05 10:01:48.216root 11241100x80000000000000006957692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5418b822301d9f2022-01-05 10:01:48.216root 11241100x80000000000000006957693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2968c9dbc47be582022-01-05 10:01:48.216root 11241100x80000000000000006957694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962bce5887da7a732022-01-05 10:01:48.216root 11241100x80000000000000006957695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf16acd2260bf712022-01-05 10:01:48.216root 11241100x80000000000000006957696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53c55b3a1e886302022-01-05 10:01:48.216root 11241100x80000000000000006957697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0842573a118d87412022-01-05 10:01:48.216root 11241100x80000000000000006957698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd29a59bed2ba28c2022-01-05 10:01:48.217root 11241100x80000000000000006957699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0291ead7003b8b322022-01-05 10:01:48.217root 11241100x80000000000000006957700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f2adffa955ece32022-01-05 10:01:48.217root 11241100x80000000000000006957701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec594c0b9a9213bd2022-01-05 10:01:48.217root 11241100x80000000000000006957702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c926d257adaba9cd2022-01-05 10:01:48.217root 11241100x80000000000000006957703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749b39bf6cfa8ebd2022-01-05 10:01:48.217root 11241100x80000000000000006957704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b925352e42e55c2022-01-05 10:01:48.217root 11241100x80000000000000006957705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d105316b080a4a2022-01-05 10:01:48.217root 11241100x80000000000000006957706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38706e6b7d0f97482022-01-05 10:01:48.217root 11241100x80000000000000006957707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ee3c95e07b3b652022-01-05 10:01:48.218root 11241100x80000000000000006957708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eac2843c71d410b2022-01-05 10:01:48.218root 11241100x80000000000000006957709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b56e02141aa79a42022-01-05 10:01:48.218root 11241100x80000000000000006957710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9415af9aebaef72022-01-05 10:01:48.218root 11241100x80000000000000006957711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.218{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd16b30031bb1ba2022-01-05 10:01:48.218root 11241100x80000000000000006957712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d82a472902a11de2022-01-05 10:01:48.219root 11241100x80000000000000006957713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54eafed1127e9e192022-01-05 10:01:48.219root 11241100x80000000000000006957714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdce1d43ae757da32022-01-05 10:01:48.219root 11241100x80000000000000006957715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76adaaf28ba5b7d2022-01-05 10:01:48.219root 11241100x80000000000000006957716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.219{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824a26c676d4a9252022-01-05 10:01:48.219root 11241100x80000000000000006957717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1088e802dd4aff972022-01-05 10:01:48.710root 11241100x80000000000000006957718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139399af9e96e7112022-01-05 10:01:48.710root 11241100x80000000000000006957719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ef23da5d569c292022-01-05 10:01:48.710root 11241100x80000000000000006957720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2c623de80b7d422022-01-05 10:01:48.710root 11241100x80000000000000006957721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f28f5e2b6b73fd22022-01-05 10:01:48.710root 11241100x80000000000000006957722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2778dab74823792022-01-05 10:01:48.710root 11241100x80000000000000006957723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8b7636d8cc38bc2022-01-05 10:01:48.710root 11241100x80000000000000006957724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fd01205cd6a5642022-01-05 10:01:48.711root 11241100x80000000000000006957725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f64adba81a10f32022-01-05 10:01:48.711root 11241100x80000000000000006957726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165d152f86c1f2fe2022-01-05 10:01:48.711root 11241100x80000000000000006957727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e45653fab4febb2022-01-05 10:01:48.711root 11241100x80000000000000006957728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1aa9155f1f1678c2022-01-05 10:01:48.711root 11241100x80000000000000006957729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74a23f7be4b28f52022-01-05 10:01:48.711root 11241100x80000000000000006957730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd2b9f58578d02b2022-01-05 10:01:48.711root 11241100x80000000000000006957731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6593297a3ce0642022-01-05 10:01:48.711root 11241100x80000000000000006957732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da2195c102f9d0e2022-01-05 10:01:48.711root 11241100x80000000000000006957733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0306360be2822a412022-01-05 10:01:48.711root 11241100x80000000000000006957734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d92255bceec30af2022-01-05 10:01:48.712root 11241100x80000000000000006957735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279b6ac9b01d55ec2022-01-05 10:01:48.712root 11241100x80000000000000006957736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77273e247529fc822022-01-05 10:01:48.712root 11241100x80000000000000006957737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e92782f71afe8ec2022-01-05 10:01:48.712root 11241100x80000000000000006957738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ce4e05b8adf5002022-01-05 10:01:48.712root 11241100x80000000000000006957739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5b1b487be0f1d12022-01-05 10:01:48.712root 11241100x80000000000000006957740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a482b8be377c575c2022-01-05 10:01:48.713root 11241100x80000000000000006957741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9da2f063d9033292022-01-05 10:01:48.713root 11241100x80000000000000006957742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d82cc6633869632022-01-05 10:01:48.713root 11241100x80000000000000006957743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4c29b41ed57f812022-01-05 10:01:48.713root 11241100x80000000000000006957744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.713{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388c6b2b69493e822022-01-05 10:01:48.713root 11241100x80000000000000006957745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f963e889b52beb2022-01-05 10:01:48.714root 11241100x80000000000000006957746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515820045f2315d32022-01-05 10:01:48.714root 11241100x80000000000000006957747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74a86c46f5ed8f12022-01-05 10:01:48.714root 11241100x80000000000000006957748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcd4f81091bc88d2022-01-05 10:01:48.714root 11241100x80000000000000006957749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e255bc81f5ac2b9c2022-01-05 10:01:48.714root 11241100x80000000000000006957750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6105a96edffc81b32022-01-05 10:01:48.714root 11241100x80000000000000006957751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.714{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a834cc5d4fc9eb3d2022-01-05 10:01:48.714root 11241100x80000000000000006957752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eba0d5f9c5f57d2022-01-05 10:01:48.715root 11241100x80000000000000006957753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5e23233a802e352022-01-05 10:01:48.715root 11241100x80000000000000006957754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1f9064ccff9e202022-01-05 10:01:48.715root 11241100x80000000000000006957755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf0c2de217a47262022-01-05 10:01:48.715root 11241100x80000000000000006957756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54cae5a5347e0a62022-01-05 10:01:48.715root 11241100x80000000000000006957757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3569cb5c2b6279a22022-01-05 10:01:48.715root 11241100x80000000000000006957758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.715{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1c42288900a0562022-01-05 10:01:48.715root 11241100x80000000000000006957759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6a11171beebd022022-01-05 10:01:48.716root 11241100x80000000000000006957760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e81a456215dc5a2022-01-05 10:01:48.716root 11241100x80000000000000006957761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb69998cb13457892022-01-05 10:01:48.716root 11241100x80000000000000006957762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cd80d7d4648b3c2022-01-05 10:01:48.716root 11241100x80000000000000006957763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b0006037caa1022022-01-05 10:01:48.716root 11241100x80000000000000006957764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:48.716{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93284e82b29891392022-01-05 10:01:48.716root 11241100x80000000000000006957765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40055b340bf1b5792022-01-05 10:01:49.209root 11241100x80000000000000006957766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b7c7bd75ee43242022-01-05 10:01:49.209root 11241100x80000000000000006957767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825be8ac5f2f9c5f2022-01-05 10:01:49.209root 11241100x80000000000000006957768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6101dfd7a79e4a382022-01-05 10:01:49.209root 11241100x80000000000000006957769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a929032dc99d1fa2022-01-05 10:01:49.209root 11241100x80000000000000006957770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7999837b9dfc48e52022-01-05 10:01:49.210root 11241100x80000000000000006957771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c576ac8877111a2022-01-05 10:01:49.210root 11241100x80000000000000006957772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab2bee178ac5a892022-01-05 10:01:49.210root 11241100x80000000000000006957773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfd2c17931add8b2022-01-05 10:01:49.210root 11241100x80000000000000006957774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e2ccedb8f8c7a62022-01-05 10:01:49.210root 11241100x80000000000000006957775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9827c4d3229648752022-01-05 10:01:49.210root 11241100x80000000000000006957776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f058be2724f18c2022-01-05 10:01:49.211root 11241100x80000000000000006957777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da907e085bdd8a2e2022-01-05 10:01:49.211root 11241100x80000000000000006957778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f262f76968e47db2022-01-05 10:01:49.211root 11241100x80000000000000006957779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678ffeed47e4945f2022-01-05 10:01:49.211root 11241100x80000000000000006957780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2e0fcb16212eab2022-01-05 10:01:49.211root 11241100x80000000000000006957781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5639ef2f9b354d32022-01-05 10:01:49.211root 11241100x80000000000000006957782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f358a65b247dfd32022-01-05 10:01:49.211root 11241100x80000000000000006957783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec181300d5538fce2022-01-05 10:01:49.211root 11241100x80000000000000006957784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeef22408032c9b42022-01-05 10:01:49.211root 11241100x80000000000000006957785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6986628f68b953b02022-01-05 10:01:49.211root 11241100x80000000000000006957786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aefd7bebc614b1c2022-01-05 10:01:49.212root 11241100x80000000000000006957787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b631649b68e07152022-01-05 10:01:49.212root 11241100x80000000000000006957788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ea79621010b8892022-01-05 10:01:49.212root 11241100x80000000000000006957789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09cbe2bf29db94e2022-01-05 10:01:49.212root 11241100x80000000000000006957790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364e0b6f0b25a01a2022-01-05 10:01:49.212root 11241100x80000000000000006957791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e26ffdd4f4c2ca2022-01-05 10:01:49.212root 11241100x80000000000000006957792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7aebbca86bab7c52022-01-05 10:01:49.212root 11241100x80000000000000006957793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8122145a7610d22022-01-05 10:01:49.212root 11241100x80000000000000006957794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45cb18f24e3f1fa2022-01-05 10:01:49.212root 11241100x80000000000000006957795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.212{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e581f35f36e98db42022-01-05 10:01:49.212root 11241100x80000000000000006957796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d45c5f1fec770502022-01-05 10:01:49.213root 11241100x80000000000000006957797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9ade55406061882022-01-05 10:01:49.213root 11241100x80000000000000006957798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c45a49f4f1a366d2022-01-05 10:01:49.213root 11241100x80000000000000006957799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129fc5288fded1482022-01-05 10:01:49.213root 11241100x80000000000000006957800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6773e8f719360a842022-01-05 10:01:49.213root 11241100x80000000000000006957801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4074ac04399301f2022-01-05 10:01:49.213root 11241100x80000000000000006957802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d832352d66030b72022-01-05 10:01:49.213root 11241100x80000000000000006957803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9b752e29dd350a2022-01-05 10:01:49.213root 11241100x80000000000000006957804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabe8ffd7a153ee02022-01-05 10:01:49.213root 11241100x80000000000000006957805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.213{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563a878f06c17c102022-01-05 10:01:49.213root 11241100x80000000000000006957806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12138354abe6b0d2022-01-05 10:01:49.214root 11241100x80000000000000006957807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667d4cbe4ee51e6a2022-01-05 10:01:49.214root 11241100x80000000000000006957808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c0aafc4fa8e2662022-01-05 10:01:49.214root 11241100x80000000000000006957809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11df1718a8e4c1d2022-01-05 10:01:49.214root 11241100x80000000000000006957810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eddc40f1c08eaf9f2022-01-05 10:01:49.214root 11241100x80000000000000006957811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.214{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c7415de96213df2022-01-05 10:01:49.214root 11241100x80000000000000006957812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3a694918119cfb2022-01-05 10:01:49.215root 11241100x80000000000000006957813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354a0b37df61dc552022-01-05 10:01:49.215root 11241100x80000000000000006957814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c8bff53614ec5c2022-01-05 10:01:49.215root 11241100x80000000000000006957815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79fb1766194eb0d2022-01-05 10:01:49.215root 11241100x80000000000000006957816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91386a3f2961b742022-01-05 10:01:49.215root 11241100x80000000000000006957817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcb1a1a844c72672022-01-05 10:01:49.215root 11241100x80000000000000006957818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.215{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9745f908a3bebf2022-01-05 10:01:49.215root 11241100x80000000000000006957819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9812f08678243f2022-01-05 10:01:49.216root 11241100x80000000000000006957820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b120fd681fc8a9912022-01-05 10:01:49.216root 11241100x80000000000000006957821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd59c6c9a0aaa5332022-01-05 10:01:49.216root 11241100x80000000000000006957822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f908fa406ffad8d2022-01-05 10:01:49.216root 11241100x80000000000000006957823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.216{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e49109ded669382022-01-05 10:01:49.216root 11241100x80000000000000006957824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ae19cd655af13a2022-01-05 10:01:49.217root 11241100x80000000000000006957825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.217{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f46e2435532a5b2022-01-05 10:01:49.217root 11241100x80000000000000006957826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679c0b56758414932022-01-05 10:01:49.709root 11241100x80000000000000006957827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a669fe3c5dfbf52022-01-05 10:01:49.709root 11241100x80000000000000006957828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f2dae60445694ad2022-01-05 10:01:49.710root 11241100x80000000000000006957829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220badae04bee1a82022-01-05 10:01:49.710root 11241100x80000000000000006957830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11940c515065be912022-01-05 10:01:49.710root 11241100x80000000000000006957831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f79e342a0627f62022-01-05 10:01:49.710root 11241100x80000000000000006957832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9418ed8dd9c077812022-01-05 10:01:49.710root 11241100x80000000000000006957833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecbe110a9344c762022-01-05 10:01:49.710root 11241100x80000000000000006957834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4b9608342a195a2022-01-05 10:01:49.710root 11241100x80000000000000006957835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01092c80f9125d932022-01-05 10:01:49.710root 11241100x80000000000000006957836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9a28a970f8a1d02022-01-05 10:01:49.710root 11241100x80000000000000006957837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fe241073330f332022-01-05 10:01:49.710root 11241100x80000000000000006957838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a4ad36cb12e90b2022-01-05 10:01:49.711root 11241100x80000000000000006957839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1024ceb0a4e6d582022-01-05 10:01:49.711root 11241100x80000000000000006957840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a3db7a3561b1a32022-01-05 10:01:49.711root 11241100x80000000000000006957841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664bc44827c909fa2022-01-05 10:01:49.711root 11241100x80000000000000006957842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca52876c8075df742022-01-05 10:01:49.711root 11241100x80000000000000006957843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30b3887f6a5747b2022-01-05 10:01:49.711root 11241100x80000000000000006957844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6359fd96ab4b861f2022-01-05 10:01:49.711root 11241100x80000000000000006957845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ce1e1da24948c12022-01-05 10:01:49.711root 11241100x80000000000000006957846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079ef01010bc58a62022-01-05 10:01:49.712root 11241100x80000000000000006957847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a1e97b7abb6ff72022-01-05 10:01:49.712root 11241100x80000000000000006957848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081d71388dece66e2022-01-05 10:01:49.712root 11241100x80000000000000006957849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c242a6f86a20dc8c2022-01-05 10:01:49.712root 11241100x80000000000000006957850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:49.712{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbba2948437618d32022-01-05 10:01:49.712root 534500x80000000000000006957900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.066{ec2e79f3-6c8b-61d5-0000-000000000000}23006-sshd 534500x80000000000000006957901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.067{ec2e79f3-6c8b-61d5-e007-50820b560000}23005/usr/sbin/sshdroot 354300x80000000000000006957902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.111{ec2e79f3-af4c-61d2-e0a7-320694550000}1083/usr/sbin/sshdroottcpfalsefalse47.253.45.0-48192-false10.0.1.25-22- 11241100x80000000000000006957903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.111{ec2e79f3-6c96-61d5-e0a7-320694550000}23007/usr/sbin/sshd/proc/23007/oom_score_adj2022-01-05 10:01:58.111root 154100x80000000000000006957904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.111{ec2e79f3-6c96-61d5-e077-9455f5550000}23007/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2e79f3-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1083--- 534500x80000000000000006957905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.303{ec2e79f3-6c96-61d5-0000-000000000000}23008-sshd 534500x80000000000000006957906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.303{ec2e79f3-6c96-61d5-e077-9455f5550000}23007/usr/sbin/sshdroot 11241100x80000000000000006957907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7b8f513919947b2022-01-05 10:01:58.459root 11241100x80000000000000006957908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68377c97b44608102022-01-05 10:01:58.459root 11241100x80000000000000006957909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c650524a0a38862022-01-05 10:01:58.459root 11241100x80000000000000006957910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563a36b3a7c46f812022-01-05 10:01:58.459root 11241100x80000000000000006957911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca4dc8a041060b32022-01-05 10:01:58.459root 11241100x80000000000000006957912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75892e2427664aab2022-01-05 10:01:58.460root 11241100x80000000000000006957913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391dbea7251865b42022-01-05 10:01:58.460root 11241100x80000000000000006957914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9970344f2b0bbf2022-01-05 10:01:58.960root 11241100x80000000000000006957915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36360125f3cbc7f2022-01-05 10:01:58.960root 11241100x80000000000000006957916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a688ff272edb0e2022-01-05 10:01:58.960root 11241100x80000000000000006957917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01f8380e8a1fb2b2022-01-05 10:01:58.960root 11241100x80000000000000006957918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18a1705c2c370b82022-01-05 10:01:58.960root 11241100x80000000000000006957919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b566e622fdef3e462022-01-05 10:01:58.961root 11241100x80000000000000006957920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:58.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf96b86577b59052022-01-05 10:01:58.961root 11241100x80000000000000006957921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.221{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2022-01-05 10:01:59.221root 11241100x80000000000000006957922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4cc7fef8a9b7f52022-01-05 10:01:59.222root 11241100x80000000000000006957923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.222{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba6760dd69f9df22022-01-05 10:01:59.222root 11241100x80000000000000006957924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751dbf7a54d0eac02022-01-05 10:01:59.223root 11241100x80000000000000006957925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20f1851f87e33c62022-01-05 10:01:59.223root 11241100x80000000000000006957926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0d58f628c439942022-01-05 10:01:59.223root 11241100x80000000000000006957927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8dc3983926eaeb2022-01-05 10:01:59.223root 11241100x80000000000000006957928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ea2e80ec32404b2022-01-05 10:01:59.223root 11241100x80000000000000006957929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.223{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15137408925593f92022-01-05 10:01:59.223root 11241100x80000000000000006957930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b45c021f2ba2f482022-01-05 10:01:59.709root 11241100x80000000000000006957931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001fc7fdfa11d47e2022-01-05 10:01:59.709root 11241100x80000000000000006957932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42df8f8f61c2ad62022-01-05 10:01:59.709root 11241100x80000000000000006957933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3260ead670494d2022-01-05 10:01:59.710root 11241100x80000000000000006957934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0379c260d1438f552022-01-05 10:01:59.710root 11241100x80000000000000006957935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f38dae0f7e337a22022-01-05 10:01:59.710root 11241100x80000000000000006957936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef80985c7592f8c2022-01-05 10:01:59.710root 11241100x80000000000000006957937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:01:59.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22dba944cc03d1902022-01-05 10:01:59.710root 11241100x80000000000000006957938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421547c28521d9e32022-01-05 10:02:00.209root 11241100x80000000000000006957939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5714b3e414649ac42022-01-05 10:02:00.209root 11241100x80000000000000006957940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ace43c110422c4c2022-01-05 10:02:00.209root 11241100x80000000000000006957941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8281cf28006694922022-01-05 10:02:00.209root 11241100x80000000000000006957942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcba3c06e83b65c2022-01-05 10:02:00.209root 11241100x80000000000000006957943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30286189b2493b6a2022-01-05 10:02:00.210root 11241100x80000000000000006957944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c98d20f1a41be42022-01-05 10:02:00.210root 11241100x80000000000000006957945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60833d4f40a08b12022-01-05 10:02:00.210root 11241100x80000000000000006957946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d552b468253b3e5b2022-01-05 10:02:00.709root 11241100x80000000000000006957947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa62a4a2e53503ec2022-01-05 10:02:00.709root 11241100x80000000000000006957948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5aa0bf5bb81d8e2022-01-05 10:02:00.709root 11241100x80000000000000006957949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c9f75a99c153702022-01-05 10:02:00.709root 11241100x80000000000000006957950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df73832aa264c5942022-01-05 10:02:00.710root 11241100x80000000000000006957951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b283b2b683895e412022-01-05 10:02:00.710root 11241100x80000000000000006957952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3e0b1704c89be72022-01-05 10:02:00.710root 11241100x80000000000000006957953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:00.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc48fa9db739ab82022-01-05 10:02:00.710root 354300x80000000000000006957954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.080{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41698-false10.0.1.12-8000- 11241100x80000000000000006957955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.080{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6083e7344c04bb02022-01-05 10:02:01.080root 11241100x80000000000000006957956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.081{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5f26101ec67c4d2022-01-05 10:02:01.081root 11241100x80000000000000006957957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.081{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d283cd5140e512432022-01-05 10:02:01.081root 11241100x80000000000000006957958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.081{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f03819d4dec6ff2022-01-05 10:02:01.081root 11241100x80000000000000006957959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.081{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7f8448ef8eb14c2022-01-05 10:02:01.081root 11241100x80000000000000006957960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.081{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fde84ed292372f32022-01-05 10:02:01.081root 11241100x80000000000000006957961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.081{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f5c46b380551c92022-01-05 10:02:01.081root 11241100x80000000000000006957962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.081{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a79e6a4ca5ecc2a2022-01-05 10:02:01.081root 11241100x80000000000000006957963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.082{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1830b222677576e22022-01-05 10:02:01.082root 11241100x80000000000000006957964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.082{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49713802020806282022-01-05 10:02:01.082root 11241100x80000000000000006957965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.082{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f40e6d2b14df5772022-01-05 10:02:01.082root 11241100x80000000000000006957966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.082{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bb946ec8f5be912022-01-05 10:02:01.082root 11241100x80000000000000006957967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.082{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9a5fe81def20342022-01-05 10:02:01.082root 11241100x80000000000000006957968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.082{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620299ed294e48892022-01-05 10:02:01.082root 11241100x80000000000000006957969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42969163cb692bd22022-01-05 10:02:01.459root 11241100x80000000000000006957970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9cc3ed1f52d2592022-01-05 10:02:01.459root 11241100x80000000000000006957971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1be5a44a01982d12022-01-05 10:02:01.459root 11241100x80000000000000006957972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda4bcaad2e9626a2022-01-05 10:02:01.460root 11241100x80000000000000006957973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e693241ff759112022-01-05 10:02:01.460root 11241100x80000000000000006957974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093d4a65743588d62022-01-05 10:02:01.460root 11241100x80000000000000006957975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e274251a83a518f2022-01-05 10:02:01.460root 11241100x80000000000000006957976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e521520e25c43cc2022-01-05 10:02:01.460root 11241100x80000000000000006957977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1f64d52bcd559c2022-01-05 10:02:01.460root 11241100x80000000000000006957978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd1b515550251782022-01-05 10:02:01.959root 11241100x80000000000000006957979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6501a0bf1febe83c2022-01-05 10:02:01.959root 11241100x80000000000000006957980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdd23db096931472022-01-05 10:02:01.959root 11241100x80000000000000006957981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5c43f1e6fc87fc2022-01-05 10:02:01.959root 11241100x80000000000000006957982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc45c3638d8519be2022-01-05 10:02:01.959root 11241100x80000000000000006957983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f280e02887f5047d2022-01-05 10:02:01.960root 11241100x80000000000000006957984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac5e8579b83c91c2022-01-05 10:02:01.960root 11241100x80000000000000006957985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f88a03426364a972022-01-05 10:02:01.960root 11241100x80000000000000006957986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:01.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4468fef4faa295da2022-01-05 10:02:01.960root 23542300x80000000000000006957987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.223{ec2e79f3-b2de-61d2-30d8-697fe6550000}5235root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000006957988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbf1ceaf98e20332022-01-05 10:02:02.224root 11241100x80000000000000006957989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6217c7437bc89f2022-01-05 10:02:02.224root 11241100x80000000000000006957990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf1fb280956af652022-01-05 10:02:02.224root 11241100x80000000000000006957991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c081ceb55da751152022-01-05 10:02:02.224root 11241100x80000000000000006957992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14eadf203debbca52022-01-05 10:02:02.224root 11241100x80000000000000006957993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31a2109e0f8abf02022-01-05 10:02:02.224root 11241100x80000000000000006957994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f461310fd4a2122022-01-05 10:02:02.224root 11241100x80000000000000006957995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b6c9487eeff58d2022-01-05 10:02:02.224root 11241100x80000000000000006957996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555157a7204a94ec2022-01-05 10:02:02.224root 11241100x80000000000000006957997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.224{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128bc2b176b220b82022-01-05 10:02:02.224root 11241100x80000000000000006957998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d460cee500e056b2022-01-05 10:02:02.709root 11241100x80000000000000006957999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25598b77dffb71522022-01-05 10:02:02.709root 11241100x80000000000000006958000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4d057fcf50c3932022-01-05 10:02:02.709root 11241100x80000000000000006958001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a63130050766c6d2022-01-05 10:02:02.709root 11241100x80000000000000006958002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7354899e9839e272022-01-05 10:02:02.710root 11241100x80000000000000006958003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b45c17faccdf5442022-01-05 10:02:02.710root 11241100x80000000000000006958004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6aa8ac3b093e0e2022-01-05 10:02:02.710root 11241100x80000000000000006958005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4edca8bccf03b42022-01-05 10:02:02.710root 11241100x80000000000000006958006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1491da402ff2af22022-01-05 10:02:02.710root 11241100x80000000000000006958007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:02.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10506e8fea06abb12022-01-05 10:02:02.710root 11241100x80000000000000006958008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2007e7098097faf32022-01-05 10:02:03.209root 11241100x80000000000000006958009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f4fbfc67045dbc2022-01-05 10:02:03.210root 11241100x80000000000000006958010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9581b5c2c9049f952022-01-05 10:02:03.210root 11241100x80000000000000006958011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b8e1298ba8899d2022-01-05 10:02:03.210root 11241100x80000000000000006958012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42900308040e49c2022-01-05 10:02:03.210root 11241100x80000000000000006958013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5dc109b3235bb22022-01-05 10:02:03.210root 11241100x80000000000000006958014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6308cc4255ab6d692022-01-05 10:02:03.210root 11241100x80000000000000006958015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59b499bd6fe8f4f2022-01-05 10:02:03.210root 11241100x80000000000000006958016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027fc11c4e80a0d32022-01-05 10:02:03.210root 11241100x80000000000000006958017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec1fc129f1f59782022-01-05 10:02:03.210root 11241100x80000000000000006958018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9893217fe0b036502022-01-05 10:02:03.709root 11241100x80000000000000006958019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade6ac3ce292f33b2022-01-05 10:02:03.710root 11241100x80000000000000006958020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32be2207e294bec2022-01-05 10:02:03.710root 11241100x80000000000000006958021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636a021247be540a2022-01-05 10:02:03.710root 11241100x80000000000000006958022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9c84dff6ac33972022-01-05 10:02:03.710root 11241100x80000000000000006958023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4ac4623d4f332e2022-01-05 10:02:03.710root 11241100x80000000000000006958024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8516d0f523b855c2022-01-05 10:02:03.710root 11241100x80000000000000006958025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff258638bc16cde02022-01-05 10:02:03.711root 11241100x80000000000000006958026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d22afeb5e45f3cf2022-01-05 10:02:03.711root 11241100x80000000000000006958027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:03.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a10b6694d5d9d52022-01-05 10:02:03.711root 11241100x80000000000000006958028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a701e296469629712022-01-05 10:02:04.209root 11241100x80000000000000006958029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6259fd1b6df24052022-01-05 10:02:04.210root 11241100x80000000000000006958030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7573d6310e1647a32022-01-05 10:02:04.210root 11241100x80000000000000006958031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794b9e5233e284002022-01-05 10:02:04.210root 11241100x80000000000000006958032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b93741b13adcce62022-01-05 10:02:04.210root 11241100x80000000000000006958033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab91552942450aea2022-01-05 10:02:04.210root 11241100x80000000000000006958034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642ff81d4a2660be2022-01-05 10:02:04.210root 11241100x80000000000000006958035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e0a798293aa6c32022-01-05 10:02:04.210root 11241100x80000000000000006958036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095494094d4bf1b62022-01-05 10:02:04.211root 11241100x80000000000000006958037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3048aff60f736ed82022-01-05 10:02:04.211root 11241100x80000000000000006958038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7662101988d2a0dc2022-01-05 10:02:04.709root 11241100x80000000000000006958039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f71b48875f5c942022-01-05 10:02:04.710root 11241100x80000000000000006958040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b6f65dd70547412022-01-05 10:02:04.710root 11241100x80000000000000006958041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8330275427a5853d2022-01-05 10:02:04.710root 11241100x80000000000000006958042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70890a8a30bd04632022-01-05 10:02:04.710root 11241100x80000000000000006958043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237f60493c6e66752022-01-05 10:02:04.710root 11241100x80000000000000006958044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c6ba8d458bd5222022-01-05 10:02:04.711root 11241100x80000000000000006958045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474efc581e2284892022-01-05 10:02:04.711root 11241100x80000000000000006958046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f30ca554e8b46602022-01-05 10:02:04.711root 11241100x80000000000000006958047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:04.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25a5eb01dbfcb6b2022-01-05 10:02:04.711root 11241100x80000000000000006958048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b800cfc2a1bad33d2022-01-05 10:02:05.209root 11241100x80000000000000006958049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f5f4a9527854e22022-01-05 10:02:05.210root 11241100x80000000000000006958050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8238acb1b81338802022-01-05 10:02:05.210root 11241100x80000000000000006958051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2343badfb4329b032022-01-05 10:02:05.210root 11241100x80000000000000006958052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbb735903b2bc6c2022-01-05 10:02:05.210root 11241100x80000000000000006958053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed285a5e4db92f12022-01-05 10:02:05.210root 11241100x80000000000000006958054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b7154ee7931d842022-01-05 10:02:05.210root 11241100x80000000000000006958055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78187194799ce2bc2022-01-05 10:02:05.211root 11241100x80000000000000006958056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425616cd332b4ac82022-01-05 10:02:05.211root 11241100x80000000000000006958057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8880ed7c080d712022-01-05 10:02:05.211root 11241100x80000000000000006958058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238389f3d993f7ba2022-01-05 10:02:05.709root 11241100x80000000000000006958059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73200a363319ec602022-01-05 10:02:05.710root 11241100x80000000000000006958060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385187dd553490342022-01-05 10:02:05.710root 11241100x80000000000000006958061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78baffd26521afe12022-01-05 10:02:05.710root 11241100x80000000000000006958062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84e2388e408881c2022-01-05 10:02:05.710root 11241100x80000000000000006958063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f38acc9bda23532022-01-05 10:02:05.710root 11241100x80000000000000006958064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3728d9d3320d9452022-01-05 10:02:05.710root 11241100x80000000000000006958065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24236722fb0a15272022-01-05 10:02:05.711root 11241100x80000000000000006958066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a298a5b7179af592022-01-05 10:02:05.711root 11241100x80000000000000006958067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:05.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d1b8ea57c2f27d2022-01-05 10:02:05.711root 11241100x80000000000000006958068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b41d49e7d3bb3b2022-01-05 10:02:06.209root 11241100x80000000000000006958069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206b9642994ec05d2022-01-05 10:02:06.210root 11241100x80000000000000006958070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e39d84641a976082022-01-05 10:02:06.210root 11241100x80000000000000006958071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691e1af5dcfecebf2022-01-05 10:02:06.210root 11241100x80000000000000006958072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bdc27eb6de4ff82022-01-05 10:02:06.210root 11241100x80000000000000006958073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff76c97329e9b962022-01-05 10:02:06.210root 11241100x80000000000000006958074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389cfd686a75a9d52022-01-05 10:02:06.210root 11241100x80000000000000006958075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1281c013b5a634d2022-01-05 10:02:06.211root 11241100x80000000000000006958076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7086c53b7a8247d2022-01-05 10:02:06.211root 11241100x80000000000000006958077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d792ded12aab5dad2022-01-05 10:02:06.211root 354300x80000000000000006958078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.224{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41700-false10.0.1.12-8000- 11241100x80000000000000006958079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73f6c22c8919d6e2022-01-05 10:02:06.709root 11241100x80000000000000006958080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b3206de1e7d5612022-01-05 10:02:06.710root 11241100x80000000000000006958081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bda3c1790f98b42022-01-05 10:02:06.710root 11241100x80000000000000006958082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413ecb5a02e17da22022-01-05 10:02:06.710root 11241100x80000000000000006958083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8d586d7836bebe2022-01-05 10:02:06.710root 11241100x80000000000000006958084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bf02a9f65c7a7b2022-01-05 10:02:06.710root 11241100x80000000000000006958085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefbcf568143e9882022-01-05 10:02:06.711root 11241100x80000000000000006958086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78198d53824307652022-01-05 10:02:06.711root 11241100x80000000000000006958087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc8d62b0d37ee4e2022-01-05 10:02:06.711root 11241100x80000000000000006958088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe78330cf177fdea2022-01-05 10:02:06.711root 11241100x80000000000000006958089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:06.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bbfddad92fdb1f2022-01-05 10:02:06.711root 11241100x80000000000000006958090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3af99ac7ffb5892022-01-05 10:02:07.209root 11241100x80000000000000006958091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc27f88fd468b2b12022-01-05 10:02:07.210root 11241100x80000000000000006958092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8afd6e7c6a13e42022-01-05 10:02:07.210root 11241100x80000000000000006958093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a57e2afe91d73af2022-01-05 10:02:07.210root 11241100x80000000000000006958094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab506fe1caaf3682022-01-05 10:02:07.210root 11241100x80000000000000006958095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9719e5ebff3fba012022-01-05 10:02:07.210root 11241100x80000000000000006958096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccbdb744f1abb632022-01-05 10:02:07.210root 11241100x80000000000000006958097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae22d273cebe16912022-01-05 10:02:07.211root 11241100x80000000000000006958098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e07b4f3248a0b72022-01-05 10:02:07.211root 11241100x80000000000000006958099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1e7ffae15561002022-01-05 10:02:07.211root 11241100x80000000000000006958100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8fb4a10b2354852022-01-05 10:02:07.211root 11241100x80000000000000006958101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb95eeda0eddc2b2022-01-05 10:02:07.709root 11241100x80000000000000006958102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96aa4860261226f2022-01-05 10:02:07.710root 11241100x80000000000000006958103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e3843cd9ce252b2022-01-05 10:02:07.710root 11241100x80000000000000006958104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ea8d74ddebc5782022-01-05 10:02:07.710root 11241100x80000000000000006958105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58e2d4a0ba828b02022-01-05 10:02:07.710root 11241100x80000000000000006958106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604510dbf41c2b132022-01-05 10:02:07.710root 11241100x80000000000000006958107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cb1cfe4ea7b82d2022-01-05 10:02:07.710root 11241100x80000000000000006958108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c2c79e52ecb6902022-01-05 10:02:07.711root 11241100x80000000000000006958109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6711ddb0dc1dd92022-01-05 10:02:07.711root 11241100x80000000000000006958110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a322c7a4e1e67a402022-01-05 10:02:07.711root 11241100x80000000000000006958111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:07.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e24ff4c833cf9eb2022-01-05 10:02:07.711root 11241100x80000000000000006958112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76a97b98be385d62022-01-05 10:02:08.209root 11241100x80000000000000006958113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2862742b90afab5d2022-01-05 10:02:08.210root 11241100x80000000000000006958114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b2ab77fe2e0d492022-01-05 10:02:08.210root 11241100x80000000000000006958115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a6aae41f8a00ea2022-01-05 10:02:08.210root 11241100x80000000000000006958116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314b10cf272a18ef2022-01-05 10:02:08.210root 11241100x80000000000000006958117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fb2587aa6b8de22022-01-05 10:02:08.210root 11241100x80000000000000006958118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a39ce6fc6914fa72022-01-05 10:02:08.210root 11241100x80000000000000006958119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b245d832aec1f202022-01-05 10:02:08.211root 11241100x80000000000000006958120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4722deb3e815ebc2022-01-05 10:02:08.211root 11241100x80000000000000006958121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5f1a546db2b4f52022-01-05 10:02:08.211root 11241100x80000000000000006958122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439b95c24ac964172022-01-05 10:02:08.211root 11241100x80000000000000006958123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc691e2f02951fe2022-01-05 10:02:08.709root 11241100x80000000000000006958124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee47a36b47ce7a102022-01-05 10:02:08.710root 11241100x80000000000000006958125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d21f0630aee25a2022-01-05 10:02:08.710root 11241100x80000000000000006958126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af62af40be46c1732022-01-05 10:02:08.710root 11241100x80000000000000006958127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8fd451fc0ec46e2022-01-05 10:02:08.710root 11241100x80000000000000006958128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3c5551684b5e4e2022-01-05 10:02:08.710root 11241100x80000000000000006958129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4a9da2eea52ec72022-01-05 10:02:08.710root 11241100x80000000000000006958130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd296e5dc1ea3a72022-01-05 10:02:08.711root 11241100x80000000000000006958131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497f6a838f2f92222022-01-05 10:02:08.711root 11241100x80000000000000006958132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f31d0360c0750752022-01-05 10:02:08.711root 11241100x80000000000000006958133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:08.711{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a816d08b5432695a2022-01-05 10:02:08.711root 11241100x80000000000000006958134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb019b80e6ec1092022-01-05 10:02:09.209root 11241100x80000000000000006958135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b4e06384838b9d2022-01-05 10:02:09.210root 11241100x80000000000000006958136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773c736250b35b992022-01-05 10:02:09.210root 11241100x80000000000000006958137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb1786d182d34232022-01-05 10:02:09.210root 11241100x80000000000000006958138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6250d03283f09c2022-01-05 10:02:09.210root 11241100x80000000000000006958139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c88ce2f5cd9676f2022-01-05 10:02:09.211root 11241100x80000000000000006958140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8ab0c8a56797722022-01-05 10:02:09.211root 11241100x80000000000000006958141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b931fa4f2ebd462022-01-05 10:02:09.211root 11241100x80000000000000006958142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065899b8e0f886492022-01-05 10:02:09.211root 11241100x80000000000000006958143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226c29025e9a401e2022-01-05 10:02:09.211root 11241100x80000000000000006958144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.211{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8ea1c07f3182232022-01-05 10:02:09.211root 11241100x80000000000000006958145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedca2a79b1ff91a2022-01-05 10:02:09.709root 11241100x80000000000000006958146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371d0d45ec6128412022-01-05 10:02:09.710root 11241100x80000000000000006958147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958a818352e5fd202022-01-05 10:02:09.710root 11241100x80000000000000006958148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238dfe35eb51712a2022-01-05 10:02:09.710root 11241100x80000000000000006958149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3582b4ba9987391c2022-01-05 10:02:09.710root 11241100x80000000000000006958150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8becb05771a8ad482022-01-05 10:02:09.710root 11241100x80000000000000006958151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f15e601bd895ec32022-01-05 10:02:09.710root 11241100x80000000000000006958152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0a275a853982032022-01-05 10:02:09.710root 11241100x80000000000000006958153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9965d9502aa9b3bc2022-01-05 10:02:09.710root 11241100x80000000000000006958154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7e324e69f530f52022-01-05 10:02:09.710root 11241100x80000000000000006958155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:09.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503f31e211a4c09b2022-01-05 10:02:09.710root 11241100x80000000000000006958156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2ca498706ea0ec2022-01-05 10:02:10.209root 11241100x80000000000000006958157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bc74cd2f6b13b12022-01-05 10:02:10.210root 11241100x80000000000000006958158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6afcfc396b716ee2022-01-05 10:02:10.210root 11241100x80000000000000006958159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fce17009159e73b2022-01-05 10:02:10.210root 11241100x80000000000000006958160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7972e5cc41c6cfde2022-01-05 10:02:10.210root 11241100x80000000000000006958161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b33a8f68907275c2022-01-05 10:02:10.210root 11241100x80000000000000006958162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337a2e275c2528d62022-01-05 10:02:10.210root 11241100x80000000000000006958163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba424835eaf912652022-01-05 10:02:10.210root 11241100x80000000000000006958164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034f2e3df85287602022-01-05 10:02:10.210root 11241100x80000000000000006958165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102dd9ba61e0e8b02022-01-05 10:02:10.210root 11241100x80000000000000006958166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa41ad1de92930d2022-01-05 10:02:10.210root 11241100x80000000000000006958167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a3add8d70c733c2022-01-05 10:02:10.709root 11241100x80000000000000006958168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c666836228b9755c2022-01-05 10:02:10.709root 11241100x80000000000000006958169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd063cb7fb6fd7d12022-01-05 10:02:10.709root 11241100x80000000000000006958170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0a9d7061556e1f2022-01-05 10:02:10.710root 11241100x80000000000000006958171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000e033ba32ff82c2022-01-05 10:02:10.710root 11241100x80000000000000006958172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadf580abfeb2c662022-01-05 10:02:10.710root 11241100x80000000000000006958173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a160d67958b3e5d02022-01-05 10:02:10.710root 11241100x80000000000000006958174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6744c56a56b9e392022-01-05 10:02:10.710root 11241100x80000000000000006958175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e196fb6a38fede012022-01-05 10:02:10.710root 11241100x80000000000000006958176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3f02ac96ee4d392022-01-05 10:02:10.710root 11241100x80000000000000006958177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:10.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc03255681e9555e2022-01-05 10:02:10.710root 11241100x80000000000000006958178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68de5ed738339812022-01-05 10:02:11.209root 11241100x80000000000000006958179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f13fb5b80b43c432022-01-05 10:02:11.209root 11241100x80000000000000006958180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.209{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d385c143ffbac912022-01-05 10:02:11.209root 11241100x80000000000000006958181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16394f5da09277852022-01-05 10:02:11.210root 11241100x80000000000000006958182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9157d24afe174a52022-01-05 10:02:11.210root 11241100x80000000000000006958183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb68cceafaf22f82022-01-05 10:02:11.210root 11241100x80000000000000006958184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d56755ea5739be2022-01-05 10:02:11.210root 11241100x80000000000000006958185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a768e6b4d6d1c38b2022-01-05 10:02:11.210root 11241100x80000000000000006958186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b838b912d12f6a52022-01-05 10:02:11.210root 11241100x80000000000000006958187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cd0142c7c85efb2022-01-05 10:02:11.210root 11241100x80000000000000006958188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.210{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06d8cdc98f03e272022-01-05 10:02:11.210root 11241100x80000000000000006958189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ecb9a61acfa3972022-01-05 10:02:11.709root 11241100x80000000000000006958190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a76d31e02836482022-01-05 10:02:11.709root 11241100x80000000000000006958191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.709{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b30a4e48e05b6672022-01-05 10:02:11.709root 11241100x80000000000000006958192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f546befc0c0ffebf2022-01-05 10:02:11.710root 11241100x80000000000000006958193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c81bc858c038272022-01-05 10:02:11.710root 11241100x80000000000000006958194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490f72506efc2f0f2022-01-05 10:02:11.710root 11241100x80000000000000006958195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f284d5e6910d435d2022-01-05 10:02:11.710root 11241100x80000000000000006958196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0befa10c943bbb2022-01-05 10:02:11.710root 11241100x80000000000000006958197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c492958574ccf0b82022-01-05 10:02:11.710root 11241100x80000000000000006958198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42342fe76ac9c4a2022-01-05 10:02:11.710root 11241100x80000000000000006958199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:11.710{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6061818c27068ae42022-01-05 10:02:11.710root 354300x80000000000000006958200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.040{ec2e79f3-b2e6-61d2-5175-3a0400000000}5308/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-41702-false10.0.1.12-8000- 11241100x80000000000000006958201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.041{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22002217a1ea929b2022-01-05 10:02:12.041root 11241100x80000000000000006958202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.041{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1da81f74aeddc382022-01-05 10:02:12.041root 11241100x80000000000000006958203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.041{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2bbee57b369d9d2022-01-05 10:02:12.041root 11241100x80000000000000006958204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.042{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3c4c4da2e50b0b2022-01-05 10:02:12.042root 11241100x80000000000000006958205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.042{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2812d97713d14a82022-01-05 10:02:12.042root 11241100x80000000000000006958206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.042{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dff8b838bcbb1d52022-01-05 10:02:12.042root 11241100x80000000000000006958207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.042{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a21fd4c868c8362022-01-05 10:02:12.042root 11241100x80000000000000006958208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.042{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45baaf772bb759542022-01-05 10:02:12.042root 11241100x80000000000000006958209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.043{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fcc43afdd518392022-01-05 10:02:12.043root 11241100x80000000000000006958210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.043{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c197e45aae226f62022-01-05 10:02:12.043root 11241100x80000000000000006958211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.043{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c1ddc5ec3b5a272022-01-05 10:02:12.043root 11241100x80000000000000006958212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.043{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5edbb4774188acf2022-01-05 10:02:12.043root 11241100x80000000000000006958213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3968a530329bedc2022-01-05 10:02:12.459root 11241100x80000000000000006958214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b482c4ddaca8102022-01-05 10:02:12.459root 11241100x80000000000000006958215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0514cc0ded0d82af2022-01-05 10:02:12.460root 11241100x80000000000000006958216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a869def378943e42022-01-05 10:02:12.460root 11241100x80000000000000006958217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81754dca57c263352022-01-05 10:02:12.460root 11241100x80000000000000006958218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1395d5ddd7446e2f2022-01-05 10:02:12.460root 11241100x80000000000000006958219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4525963da9f42c782022-01-05 10:02:12.460root 11241100x80000000000000006958220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3fe2b4a382ec7b2022-01-05 10:02:12.460root 11241100x80000000000000006958221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d995392f53eec72022-01-05 10:02:12.460root 11241100x80000000000000006958222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2a4ae4cade33a32022-01-05 10:02:12.460root 11241100x80000000000000006958223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a528723d80a38c52022-01-05 10:02:12.460root 11241100x80000000000000006958224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41d120e60fd8d022022-01-05 10:02:12.460root 11241100x80000000000000006958225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f37d4c19c26b452022-01-05 10:02:12.959root 11241100x80000000000000006958226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5f8410fc28618a2022-01-05 10:02:12.959root 11241100x80000000000000006958227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e504bcb60f53ad642022-01-05 10:02:12.960root 11241100x80000000000000006958228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d08cc22c2757b92022-01-05 10:02:12.960root 11241100x80000000000000006958229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1569c943557b752022-01-05 10:02:12.960root 11241100x80000000000000006958230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d97494785410eb2022-01-05 10:02:12.960root 11241100x80000000000000006958231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d34fb622283da72022-01-05 10:02:12.960root 11241100x80000000000000006958232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97b5c74051400ed2022-01-05 10:02:12.960root 11241100x80000000000000006958233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8b3fc49fc50e622022-01-05 10:02:12.960root 11241100x80000000000000006958234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f95571734c25172022-01-05 10:02:12.960root 11241100x80000000000000006958235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3e7d1f0a8f2a602022-01-05 10:02:12.960root 11241100x80000000000000006958236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:12.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f0e40088c2b5022022-01-05 10:02:12.960root 11241100x80000000000000006958237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87c70f4d414f20d2022-01-05 10:02:13.459root 11241100x80000000000000006958238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d16efdc52d0d22c2022-01-05 10:02:13.459root 11241100x80000000000000006958239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b7859410069b9b2022-01-05 10:02:13.460root 11241100x80000000000000006958240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7c7c4d959f512e2022-01-05 10:02:13.460root 11241100x80000000000000006958241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb4b6674684f4032022-01-05 10:02:13.460root 11241100x80000000000000006958242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510293f6be2e3f672022-01-05 10:02:13.460root 11241100x80000000000000006958243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb8fdd8e27d31672022-01-05 10:02:13.460root 11241100x80000000000000006958244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bab0e5d9c90b40a2022-01-05 10:02:13.460root 11241100x80000000000000006958245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ac4260e7dc0e1c2022-01-05 10:02:13.460root 11241100x80000000000000006958246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d29e1e3208b4d62022-01-05 10:02:13.460root 11241100x80000000000000006958247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426681c34ab247972022-01-05 10:02:13.460root 11241100x80000000000000006958248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74808b1ce6c295a92022-01-05 10:02:13.460root 11241100x80000000000000006958249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e9e27c46fafd982022-01-05 10:02:13.959root 11241100x80000000000000006958250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9af32612ce4a68c2022-01-05 10:02:13.959root 11241100x80000000000000006958251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2975b073737096b42022-01-05 10:02:13.959root 11241100x80000000000000006958252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf3474c770a79702022-01-05 10:02:13.960root 11241100x80000000000000006958253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f43f940a46d30a82022-01-05 10:02:13.960root 11241100x80000000000000006958254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007360311b3d7a622022-01-05 10:02:13.960root 11241100x80000000000000006958255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d31f5749f17647c2022-01-05 10:02:13.960root 11241100x80000000000000006958256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71c1c945f9da6862022-01-05 10:02:13.960root 11241100x80000000000000006958257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879738b2b14842972022-01-05 10:02:13.960root 11241100x80000000000000006958258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7443a718e03a0ff2022-01-05 10:02:13.960root 11241100x80000000000000006958259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8987ce6bc331d92022-01-05 10:02:13.960root 11241100x80000000000000006958260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:13.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5861a26055e3da522022-01-05 10:02:13.960root 11241100x80000000000000006958261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dace708a25c9b6b2022-01-05 10:02:14.459root 11241100x80000000000000006958262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829674821923b9662022-01-05 10:02:14.459root 11241100x80000000000000006958263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d2102d2a2bc12b2022-01-05 10:02:14.459root 11241100x80000000000000006958264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fe64a9346bad122022-01-05 10:02:14.460root 11241100x80000000000000006958265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d87cbcba8b62e912022-01-05 10:02:14.460root 11241100x80000000000000006958266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc6198faaa091f42022-01-05 10:02:14.460root 11241100x80000000000000006958267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5b02663605a39e2022-01-05 10:02:14.460root 11241100x80000000000000006958268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b388be328b75e9462022-01-05 10:02:14.460root 11241100x80000000000000006958269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c14151db1bbe3572022-01-05 10:02:14.460root 11241100x80000000000000006958270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f389a8e9a8bbd6f2022-01-05 10:02:14.460root 11241100x80000000000000006958271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa78f8cf6e7f96e32022-01-05 10:02:14.460root 11241100x80000000000000006958272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d14c645c0acdc42022-01-05 10:02:14.460root 11241100x80000000000000006958273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ec65d2bd2242102022-01-05 10:02:14.959root 11241100x80000000000000006958274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389af9e406a21aa72022-01-05 10:02:14.960root 11241100x80000000000000006958275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d621fa7522fbc7f62022-01-05 10:02:14.960root 11241100x80000000000000006958276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d4daf418b1c5582022-01-05 10:02:14.960root 11241100x80000000000000006958277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90e82449daf300c2022-01-05 10:02:14.960root 11241100x80000000000000006958278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcee8798ad2d19ed2022-01-05 10:02:14.960root 11241100x80000000000000006958279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee22a64c697f6da2022-01-05 10:02:14.960root 11241100x80000000000000006958280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a833ec588394b42022-01-05 10:02:14.960root 11241100x80000000000000006958281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed35240aafe90dd2022-01-05 10:02:14.960root 11241100x80000000000000006958282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa43e6a30f94602e2022-01-05 10:02:14.960root 11241100x80000000000000006958283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b3fc0a12f1ee4c2022-01-05 10:02:14.960root 11241100x80000000000000006958284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:14.961{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ddd177c9c4c1282022-01-05 10:02:14.961root 11241100x80000000000000006958285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd08385660cdd3c2022-01-05 10:02:15.459root 11241100x80000000000000006958286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164d7993a59387eb2022-01-05 10:02:15.459root 11241100x80000000000000006958287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2928c279b4dfb63d2022-01-05 10:02:15.459root 11241100x80000000000000006958288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626016a2a5c834402022-01-05 10:02:15.460root 11241100x80000000000000006958289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3966984ba4b01e6c2022-01-05 10:02:15.460root 11241100x80000000000000006958290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87706c31d8c27762022-01-05 10:02:15.460root 11241100x80000000000000006958291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b7e218b300fdf42022-01-05 10:02:15.460root 11241100x80000000000000006958292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94f9d7630c5fe562022-01-05 10:02:15.460root 11241100x80000000000000006958293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717451db9fe5731c2022-01-05 10:02:15.460root 11241100x80000000000000006958294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af266b4dc8be0f052022-01-05 10:02:15.460root 11241100x80000000000000006958295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f466aefe8a2588922022-01-05 10:02:15.460root 11241100x80000000000000006958296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5ee3dc40b864432022-01-05 10:02:15.460root 11241100x80000000000000006958297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.959{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9fc4883e97b6a72022-01-05 10:02:15.959root 11241100x80000000000000006958298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afabff9516f77b802022-01-05 10:02:15.960root 11241100x80000000000000006958299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72236b96e2ba15b2022-01-05 10:02:15.960root 11241100x80000000000000006958300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedb8f2984fc6fe72022-01-05 10:02:15.960root 11241100x80000000000000006958301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6065cf8acaa0f6752022-01-05 10:02:15.960root 11241100x80000000000000006958302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489ca4bfe69610752022-01-05 10:02:15.960root 11241100x80000000000000006958303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7b0fb5c110f16a2022-01-05 10:02:15.960root 11241100x80000000000000006958304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4449342ae03c7e2022-01-05 10:02:15.960root 11241100x80000000000000006958305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29dab22d5776d3b62022-01-05 10:02:15.960root 11241100x80000000000000006958306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51129f8a1357f412022-01-05 10:02:15.960root 11241100x80000000000000006958307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832821e76ecf33c32022-01-05 10:02:15.960root 11241100x80000000000000006958308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:15.960{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b397e3b92fa7d3732022-01-05 10:02:15.960root 11241100x80000000000000006958309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea4f3d6337fb74c2022-01-05 10:02:16.459root 11241100x80000000000000006958310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.459{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b29d6308a5615792022-01-05 10:02:16.459root 11241100x80000000000000006958311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127214c99f4f51522022-01-05 10:02:16.460root 11241100x80000000000000006958312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-1796-2022-01-05 10:02:16.460{ec2e79f3-b2e3-61d2-30a8-585b69550000}5303/opt/splun